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[57] ABSTRACT 

A hub circuit with an integrated bridge circuit carried out in 
software including a switch for bypassing the bridge process 
such that the two bridged networks effectively become one 
network. An in-band management process in software is 
disclosed which receives and executes network management 
commands received as data packets from the I^ANs coupled 
to the integrated hub/bridge. Also, hardware and software to 
implement an isolate mode where data packets which would 
ordinarily be transferred by the bridge process are not 
transferred except in-band management packets are trans- 
ferred to the in-band management process regardless of 
which network from which they arrived. Also disclosed, a 
packet switching machine having shared high-speed 
memory with multiple ports, one port coupled to a plurality 
of LAN controller chips coupled to individual LAN seg- 
ments and an Ethernet microprocessor that sets up and 
manages a receive buffer for storing received packets and 
transferring pointers thereto to a main processor. The main 
processor is coupled to another port of the memory and 
analyzes received packets for bridging to other LAN seg- 
ments or forwarding to an SNMP agent. The main micro- 
processor and the Ethernet processor coordinate to manage 
the utilization of storage locations in the shared memory. 
Another port is coupled to an uplink interface to higher 
speed backbone media such as FDDI, ATM etc Speeds up 
to media rate are achieved by only moving pointers to 
packets around in memory as opposed to the data of the 
packets itself. A double password security feature is also 
implemented in some embodiments to prevent accidental or 
intentional tampering with system configuration settings. 

18 Claims, 13 Drawing Sheets 
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NETWORK PACKET SWITCH USING which aid in forwarding data packets from one network 

SHARED MEMORY FOR REPEATING AND segment or one network to another, operate at the Data Link 

BRIDGING PACKETS AT MEDIA RATE layer. 

The Network Layer deals with transfer of data between 

This application is a continuation of application Ser. No. 5 devices on different networks. The Network Layer adds the 

08/498,116, filed Jul. 5, 1995; which is a C3P of application notion- of network addresses which are specific identifiers for 

Ser. No. 07/881,931, filed May 12, 1992, now U.S. Pat No. ™* intermediate network between a. data source and a 

5 432 907 destination. Routers, which are devices which assist in 

' * transferring data packets from one network to another, 

BACKGROUND OF THE INVENTION l0 operate at the Network Layer. 

TTie invention pertains to the field of networks for com- ™ c JTO called the higher layers, are the 

iuc luvcuuuu pwuuija w n«u ui u»wvi M W m Transport Layer, Session Layer, Presentation Layer and 

mumcauons between computers, and, more specifically, to AppIi ^ tion & ya . These layers deal with communication 

improvements in hubs for such networks. between message source and message destination. The 

Networks serve the purpose of connecting many different transport layer manages the transfer of data from a source 

computers or terminals to each other, host computers, 15 program to a destination program. Process addresses, which 

printers, file servers etc. so that expensive computing assets, identify specific "processes", i.e., computer programs, are 

programs, files and other data may be shared among many implemented at this layer. Gateways operate at these higher 

users. Communication protocols and standards for networks OSI layers. 

developed quickly to standardize the way in which data Within the OSI model, the user presents data through 

packets were sent across the data exchange media of the 20 application programs to the highest layer. This data is then 

network. Several protocols have developed for networks passed downward through the hierarchy of layers with each 

including Ethernet™, Token Ring™, FOIRL and FDDI, the layer adding addressing and/or control information. When 

latter two being adapted for fiber optic physical media the data reaches the physical layer, it is sent to a device, 

carrying the signals. Conversely, received data is passed up through the layers 

The physical media first used on Ethernet were thick with each layer stripping address or control information, 

coaxial cables, and a standard called lOBaseS was developed One way to think of a protocol is a common language by 

for assuring multi-vendor compatibility between compo- which computers may ccanmunicate, but a more accurate 

nents in thick coax, mix and match networks where network way is as a set of rules by which data is communicated 

components from different vendors were used. These thick ^ between identical OSI layers. 

coax lines were bulky, expensive and hard to work with. There are other coinmunication protocols beside the OSI 

Later, thinner coax Ethernet was developed, and, as an Model. These include TCP/IP, XNS, IPX, AppleTalk, DEC- 

alternative to coax, unshielded twisted pair wires were used nct and SNA. Each of these protocols has its own layer 

for the physical media. A vendor compatibility standard model. For example, TCP/IP collapses network functionality 

called lOBaseT developed for twisted pair media. 35 mto only 4 layers, while AppleTalk has 6 layers. 

Networks have their own hardware and software to inter- All network media have a limitation on the maximum 
face with the physical media that carry the signals, and the volume of traffic that may be carried based upon the band- 
network software must interface with the operating system ^dtii imposed by the physical characteristics of the media, 
software. Computers communicate with each other using a Ethernet bandwidth is 10 Megabits/second. This acts a limit 
set of rules called a protocol. A group of protocols, all related ^ onmeh^cvolumeandcanliimtmenuinberof computers, 
to the same model are called a protocol suite. To encourage wmch be connected to a single "segment" of a network, 
open systems, a common model called OSI was developed A segment is section of a network connected to a group of 
by the International Standards Organization. OSI engen- machines which may communicate with each other via 
dered a protocol suite which allows computers of all sizes repeater operations without having to traverse a bridge or 
and capabilities the world over to communicate using a 45 ro «ter. Bridges and routers are useful in that they allow 
common set of rules. connections of multiple segments such that more computers 

The OSI model has seven layers of software, each of may communicate with each other than would otherwise be 

which makes different functionality available to computers possible given the limited bandwidth of the media, 

communicating using this model. Each layer in the model Each bridge and router requires certain other peripheral 

deals with specific computer-communication functions. 50 circuitry to support it such as LAN controllers, a CPU, a 

The Physical Layer is the lowest layer and specifies the power supply, a network management process, memory to 

rules for transmission of signals across the physical media. store bridge source and destination address tables and vari- 

Hubs, also known as repeaters, have multiple connections to ous other things like status registers etc. Likewise, repeaters 

this physical media called ports. The purpose of a hub is to require many support circuits many of which are the same 

receive data packets from one port and repeat these packets, 55 support circuits needed by bridges and routers. Further, 

Le., retransmit them on every other port connected to the hub bridges, routers and repeaters or hubs require initialization to 

according to whatever protocol, e.g., Ethernet, etc., which is set them up for operations, and they require initial installa- 

in use. Hon labor to set them up properly to operate in a particular 

The Data Link layer deals with transmission of data network configuration. In addition, each type machine is 

between devices on the same network. In addition to 60 subject to network management considerations, assuming an 

describing how a device accesses the physical media, this intelligent hub. An intelligent hub is one which collects 

layer also provides some measure of error detection and statistics about traffic flow through its ports, can electro ni- 

oontroL Local Area Network (LAN) technologies such as cally turn ports on and off and which provides error correc- 

Ethernet, Token Ring and FDDI operate at this layer. Data tion and detection services. Intelligent bridges, routers and 

link addresses are implemented at this layer, and provide 65 hubs supply status information upon request from network 

each device connected to the network a unique identifier by management processes and can respond to network man- 

which packets may be sent to it Bridges, which are devices agement commands, such as shut off a particular port 
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In the prior art, bridges and routers were separate circuits network segments, two cards are needed each of which can 

from hubs and this created needless duplication of many service up to 25 user machines. If the network has only 27 

peripheral circuits which were common between hubs and users, such a concentrator represents too big and complex of 

bridges and which could be shared. This needless duplies- a structure to be affordable and justifiable for such an 

tion cost more and provided more points of failure. For 5 application. 

example, if the bridge power supply failed or the CPU Mo(ha problem ^ concentrators such as the Penrfl 

!*f, CWl,eS 0 ?„ u C DC iT SC8 2 Cn £ 0n 2500 series is their lack of "stackability". The problem is 

sutotfflKln^wo^tecrt^lhmi e^ cAK this. Suppose a particular bimding had 3 users on the ground 

Typically, a brMge is connected to a hub by a separate ^ ^ q{ 2Q h * users on mc 4th floor OT 

ocal area network segment which .tsetf requ^s two port 10 spaced away from the 3 users on the ground floor 

interface circuits such as LAN controllers and AUI s . v ... J . . 4 , . _ mt> t 

(generic network interfaces) with appropriate port drivers \* ***** W J"<* 1S ^ US under the max— lOBascT 
adapted for the specific media used to the bridge-hub LAN . <* ble ™ Pitted by the applicable Ethernet specification, 
segment This bridge-hub LAN segment represents an addi- ^ use of a concentrator requires that every one of the 
tional expense, requires management and provides addi- group of 20 users has his own twisted pair running from his 
tional points of failure which could disable the network. An 15 machine back to the concentrator. The same is true for thick 
intelligent hub coupled to a bridge or router by a separate and thin coaxial cable installations. Such a configuration can 
LAN segment then requires three different device addresses be prohibitively expensive because a great deal of wire or 
for management message traffic, and creates more possibil- coax must be used and the expense of installing all that 
ity for a network failure in multiplying the number of points wiring through the walls and ceilings can be large. Now 
of possible failure. 20 suppose that the distance to the group of 20 from the 

Another drawback of separate bridge/router and hub concentrator is larger than the rnaximum allowable cable 
circuits is that bridge/routers do not usually include a mode run. In such a case, the complex wiring cannot be used, and 
where the bridge/routing function can be bypassed. The if those users must be able to share resources with the 3 users 
ability to bypass the bridge/routing function provides flex- 0 n the first floor, another concentrator must be purchased, 
ibility in network growth as small networks do not need 25 Concentrators like the Penril are not inexpensive. Typical 
bridging functions until the maximum network traffic vol- costs t0 ^ y are in the neighborhood of $30,000 for the 
ume starts to exceed the available network bandwidth. The concentrator frame and about $6000 for each card, 
ability to selectively bypass the bridge/routing function . . ... . t . , , ^ 

* 1 j ]J1 A , . r4 T . . ; * o A similar problem arises in large networks in big com- 

gives a network designer the ability to design a small , , r c . J . . %. 

„ . . . : . u nr , n u,ww ««rk„u* pames who may, for example, have a branch office in 

network which has a built in capacity to grow 1^ mthout 30 ^her state with only 6 userl If those users must share data 
adding new components and improves the ability to trouble- ?aT£ I; 1! T 1 * 

shoot the network or 1050111008 connected to the network at the parent 

j - - - 1 . * . , . _^ - r company, they must be on the same network as the users at 

Inte^ated hubs and bridges existed as option cards for ^imc* company. With concentrator technology, the 6 
concentotor chassis at the tune tois patent appficaUon was ^ ^ ^^ce must te conriect e4 to the C oncen- 
filcd. One example of such a device is the Penril 2530 35 ^ * the parent company by a wide area network (WAN) 
concentrator card with fuU r^o^^ bridgmg although it conncctioiL ^ e Penr 7 concentrator 2500 series has a card 
is not curxentiy known whether tlus device qualifies as prior modiAe wh ich implements a WAN interface, but 

art because the copyright date of me Uterature on this ; device ^ 6 ^ m me ^ 0 ^ must ^ ^ a concentrator 
is dated the same month as fi^g d^ of the ^ ^ interface card into. Therefore, the 

patent appUc^ 40 ^ ^ ^ ^ 6 user Mtwork t 

centraUon and bridging card for the Penril 2500 series lo £ ted fa / nccds to be. 

concentrator combines a hub and badge which operates at ^ 4 

all times on the same printed circuit board. The design of the Tbi^ a nccd has anscn for an apparatus which can 
Penril 2500 concentrators were for large networks. The 2530 P^ 0 ™ *e functionality of bridges or routers and hubs 
card slides into a card slot on the 2500 series concentrator 45 wlthout m * aforemenhoned defiaenaes, and which can 
which can also service a plurality of such cards, The overcome the aforementioned difficulties with concentrator 
concentrator frame is believed to contain certain shared technology msmaller networks or large network will small 
features such as power supply etc. and has a local, internal satellite networks. 

LAN segment that couples all the repeater/bridge cards SUMMARY OF THE INVENTION 

together so mat they can send data back and forth between so 

them. The repeater on each card can be coupled to up to 25 According to a broad teaching of the invention, there is 
machines on the network segment connected to that card and disclosed herein, inter alia, a packet switching machine 
the integrated bridge continuously bridges the network seg- having shared high-speed memory with multiple ports. One 
ment coupled to a particular card to the internal LAN port is coupled to a plurality of LAN controller chips each 
segment such that a machine coupled to a LAN segment 55 of which is coupled to its own media access unit and an 
coupled to card 1 can send a packet to a machine coupled to individual LAN segment The port coupled to the LAN 
a LAN segment coupled to card 2 via the bridge on card 1, controllers is also coupled to an Ethernet processor that 
the internal LAN segment of the concentrator, the bridge on serves to set up, manage and monitor a receive buffer having 
card 2 and the repeater on card 2. No distributed manage- enough space to store packets received by all the LAN 
ment functionality is integrated on either card 1 or 2. That 60 controller chips. The Ethernet process also sets up and 
management functionality is placed on a third card which manages a transmit buffer for each LAN controller chip and 
resides on a different card slot If the management card sets up and monitors a descriptor ring which stores status 
broke, the repeaters and bridges in cards 1 and 2 could not data maintained by the LAN controller chips and pointers to 
be controlled. likewise, if the internal LAN broke, user 1 the transmit and receive buffer portions of the shared 
could not send data to user 2 or vice versa. & memory. 

A concentrator structures like the Penril 2500 series is When a LAN controller receives a packet, the packet is 
designed for large networks since to connect two external stored in the receive buffer in shared memory, and a pointer 
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to that packet is written into the receive portion of die 
portion of the descriptor ring devoted to that LAN controller. 
The LAN controller sets a status bit in the receive portion of 
the portion of the descriptor ring that is devoted to that LAN 
controller when packet reception starts indicating that a 5 
packet is being received. After packet reception is complete 
and error detection has been done and the packet is deemed 
to be correct, the LAN controller sets another bit in the 
receive portion of the portion of the descriptor ring that is 
devoted to that LAN controller indicating that the packet has 1Q 
been correctly received. 

The Ethernet process monitors status bits set in the 
descriptor ring by the LAN controller chips that indicate 
when a packet has been successfully received, and, when 
this event occurs, reads the pointer to the packet from the l5 
descriptor ring and transfers the pointer to a queue which is 
monitored by a main processor coupled to another port of the 
shared memory. The main processor is coupled to another 
port of the memory and monitors its queue for the presence 
of pointers. When a pointer to a received packet is found, the 20 
main processor accesses the packet and determines from the 
packet's address data what to do with the packet. If the 
packet is addressed to a machine coupled to the media 
segment of a different LAN controller than the LAN con- 
troller that received the packet, the main processor writes a 25 
pointer to the packet into the transmit buffer of the LAN 
controller coupled to the media segment on which the packet 
is to be transmitted. If the packet is a management packet, 
a pointer to the packet is written into a management queue 
which is monitored by an SNMP agent so as to forward the 30 
packet to the SNMP agent for processing. The SNMP agent 
and the packet switching tasks are time division multiplexed 
with a console process by an operating system kernel. 

The .main microprocessor and the Ethernet processor 
coordinate to manage the utilization of storage locations in 35 
the shared memory. When the main microprocessor writes a 
pointer to a packet into one or more transmit buffers, it also 
accesses a reference count in a predetermined field in the 
packet stored in the receive buffer and writes a number 
therein indicating the number of LAN controllers that are 40 
scheduled to transmit (he packet The LAN controllers also 
write status bits into transmit portions of the descriptor 
record in the portion of the descriptor ring devoted to that 
LAN controller. The Ethernet processor monitors the trans- 
mit portions of the descriptor ring. When the Ethernet 45 
processor determines that a status bit for a particular LAN 
controller indicates that the LAN controller has successfully 
transmitted a packet, the Ethernet processor accesses the 
reference count field in the packet and decrements the 
reference count. When the reference count reaches zero, the 50 
Ethernet processor writes a pointer to the storage location in 
which that packet is stored in the receive buffer into a Free 
Queue indicating that the storage locations currently occu- 
pied by the packet are free to be used to store other incoming 
packets. 55 

Another port of the shared memory is coupled to an uplink 
interlace to higher speed backbone media such as FDDI, 
ATM etc. The main microprocessor can forward packets to 
these interfaces by writing pointers into transmit buffers 
dedicated to these interfaces in the shared memory, and 60 
received packets are written into the receive buffer as if they 
were received by a LAN controller. 

In some embodiments, another port of the shared memory 
is coupled to an expansion interface having another micro- 
processor which serves to load share with the Ethernet 65 
processor and the main processor to achiever higher speed ' 
operation. 
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Speeds up to media rate are achieved by only moving 
pointers to packets around in memory as opposed to the data 
of the packets itself. 

Adouble password security feature is also implemented in 
some embodiments to prevent accidental or intentional 
tampering with system configuration settings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of a typical network environ- 
ment in which the teachings of the invention find utility. 

FIG. 2 is a block diagram of one embodiment of the 
invention employing the broad concept of integration of a 
bridge with a hub in the same package to share circuitry and 
eliminate points of failure which would exist if the bridge 
and hub were separate circuits. 

FIG. 3 is a block diagram of another embodiment of the 
invention with dual network two transceivers for fault 
tolerance. 

FIG. 4 is a data flow diagram illustrating the three 
software processes that are executed in the preferred 
embodiment, to perform bridging, in-band management and 
out-of-band management functions. 

FIGS. 5A and 5B are a flow diagram of the processing of . 
the bridge process illustrating operation of the forwarding 
vectors. 

FIGS. 6A and 6B are a block diagram of the circuitry of 
the preferred embodiment. 

FIG. 7 is a block diagram illustrating an embodiment of 
a packet switching network hub. 

FIG. 8 is a block diagram illustrating a species of 
machines built in accordance with and operating in accor- 
dance with the present invention. 

FIG. 9 is a block diagram illustrating the process carried 
out according to the present invention. 

FIG. lOAis a more detailed block diagram illustrating the 
operation of FIG. 9. 

FIG. 10B is a block diagram illustrating the process 
carried out by the main microprocessor shown in FIG. 9. 

FIG. 11 is a block diagram illustrating a flow of the 
process carried out by the Ethernet processor of FIG. 9. 

FIG. 12 is a block diagram illustrating an embodiment of 
the present invention utilizing a dual password security 
arrangement 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 

Referring to FIG. 1 there is shown a typical network 
installation in which the teachings of the invention find use. 
A redundant power supply 10 supplies a fiber optic hub 12 
which has a plurality of fiber optic parts indicated generally 
at 14. Each of these ports is connected to a fiber optic 
physical data transmission media via a port driver circuit not 
shown. Each of the fiber optic media is indicated by a line 
with three slash marks through it These media are coupled 
to mainframe computers 16 and 18, laser printer 20 and three 
personal computers 22/24 and 26. Data transmitted to the 
fiber optic hub 12 by any of the computers is automatically 
repeated by repeater circuitry in the hub on all the other ports 
using the FOIRL Ethernet standard. 

The fiber optic hub 12 is connected via a backbone port 
connection 28 to a 10Base2 hub with integrated bridge 30. 
The fiber optic hub also has another port serving as a 
backbone connection 32 to a lOBaseT hub 34 with inte- 
grated high performance bridge/router and wide area net- 
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work (WAN) interface 36. The wide area network interface with integrated bridge 72. The huh/bridge 72 is connected to 

can span great distances. In the example shown, the wide a plurality of computers via repeater ports 74. 

area network interface 36 couples the lOBaseT hub 34 to As an example of how the integrated hub bridge circuits 

another lOBaseT hub 38 with an integrated high perfor- in pjQ x work) consider the following hypothetical data 

mance bridge and wide area network interface. The hub with 5 exchange transactions. Suppose that computer 52 wishes to 

integrated bridge represents a significant advantage in that send a ^ packet tQ computer 54. ^ this example, the data 

the presence of bridges and routers in complex, high volume ^ would cntcf te 10 BascT hub/bridge 50 via twisted 

networks provides segmentation of the network so as to * aad would be automatically repeated on all the 

marimize use of the ^ repeater ports 56 including twisted pair line 82. Computer 54 

violating the maximum Ethernet specification limit of 4 connected to hurVbndge 50 However the packet would 

r^peaterl between devices. Since teidges and repeaters have a destination address indicating device 54 was the 

require many of the same support circuits, it is advantageous intended recipient such that other computers connected to 

to combine a bridge and a hub into the same circuit so as to the hub/bridge 50 would discard the packet 

share these support circuits. Such a combined hub/bridge 15 in the preceding example, the bridge function in hub/ 

reduces the cost, complexity and points of failure. Such a bridge 50 would examine the destination address of the 

combined circuit also eliminates the bridge to hub LAN packet arriving via twisted pair 80 and check a forwarding 

segment where the bridge and hub are separate. This also table of network addresses which contains entries for vari- 

eliminates the IP address of this segment and all manage- ous network addresses indicating whether those addresses 

ment burden thereof. 20 are on network 1 or network 2. In the bridge mode of 

Coupling of portions of a LAN by a bridge also allows the operation for hub/bridge 50, all of the repeater ports 56 are 

segments on opposite sides of the bridge to use different considered to be network 1 and the backbone connection 48 

communication protocols. is considered to be network 2. The bridging function, in the 

Also, in some embodiments, the bridge can be a router, preferred embodiment, is a learning bridge which builds the 

and any known routing or bridging process is within the 25 forwarding table as data packets arrive at the bridge from 

teachings of the invention. each source address. Hie bridging function knows which 

Another advantage of a combined hub and bridge is the network a packet came from, and will make an entry in its 

stackability of the architecture as compared to concentrators table associating each source address with the network from 

like those manufactured by Pcnril. When a user is out of card which it came. Assuming that computer 54 had already sent 

slots in a concentrator, that user will have to buy an entirely 30 a packet somewhere else, the bridging function would know 

new concentrator (concentrators arc very expensive) even if that computer 54 was connected to network 1 and therefore 

there is only one small group of users who cannot fit into the would not forward the packet received from cornputer 52 to 

the repeater cards on the first concentrator. Another disad- the network 2 via backbone connection 48. However, in the 

vantage of concentrators with bridge cards, repeater cards situation where computer 54 had not previously sent a 

and management cards, is that the management is not packet, the bridging function in hub/bridge 50 would assume 

integrated. If the management card fails, the bridge and that computer 54 was connected to network 2, and would 

repeater cards are not manageable. forward the packet to network 2 via backbone connection 

The 10Basc2 hub 30 is connected to a number of com- <*• However, since the packet would be automatically 

outers of which computers 40 and 42 are typical. These „ repeated on all repeater ports 56 anyway, computer^ would 

Scnections are via coLial line segments 44 and 46. Coaxial 40 "ill jeceive foe packet .via ^ re^ater px»rt even thou^ the 

connections are shown in FIG. 1 by lines with two slash packet was also forwarded to network^ Since computer 54 

marks through them. The 10Base2 hub 30 is also connected would send an acknowledgment message acknowledging 

via a coaxial backbone connection 48 to a lOBaseT hub with receipt of the packet, the bridge mncUonin hub/bridge 50 

integrated bridge 50 would then make an entry in its table indicating that com- 

lfmacr T huh « connected via a oliiralitv of 45 P utcr 54 was coupled to network 1. Thereafter, further 

SuT^ and 54 are typical. Any date packet entering *e " hurVbndge 50 on the backbone 48. 

the hub 50 from any one of the ports is automatically Now suppose computer 52 wishes to send a packet to 

repeated on all the other repeater ports 56. The same type of 50 computer 42. In this case, the bridge function in hub/bridge 

repeating operation is carried out automatically by all of 50 would not find an entry for computer 42 and would 

hubs 12 30 34 38 66 and 72. forward the packet received from network 1 via twisted pair 

A lOBaseT hub uses a physical layer communication «0 out on the coaxial backbone connection 48. 
protocol which is appropriate for a twisted pair of physical The backbone connection 48 for hub/bridge 50 is con- 
media. Twisted pair connections are shown in FIG. 1 by 55 nected to a repeater port of 10Base2 hub/bridge 30. There- 
lines with single slashes through them A 10Base2 hub fore the packet arriving on coaxial line 48 is automatically 
repeats data packets on its peats using a physical layer repeated on coaxial lines 44 and 46, and would therefore 
protocol appropriate to coaxial cable. arrive at computer 42. 

The lOBaseT hub 34 has a plurality of repeater ports To change the hypothetical slightly, suppose computer 52 

connected to a plurality of computers of which device 62 is go wanted to send a packet to computer 26 connected to fiber 

typical. Hub 34 also has a twisted pair port connection 64 to optic hub 12. In this case, the bridging functions in hub/ 

another lOBaseT hub 66 which has an integrated bridge. bridge 30 would read the destination address and may or 

Connection 64 is a backbone connection for hub 66. Hub 66 may not find an entry for computer 26. In either eventuality, 
is connected to a plurality of computers of which computer the bridge 30 would forward the packet received on coaxial 

67 is typical via repeater ports 68. 65 line 48 out on fiber optic backbone connection 28. This 

Likewise, hub 34 is connected via a twisted pair port backbone connection 28 is connected to one of the repeater 
connection 70 to the backbone port of another lOBaseT hub ports of the fiber optic hub 12 and therefore would be 
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repeated on all other repeater ports 14 (hereof. In (his Thus, the amount of traffic on each network is cut down to 

manner the packet would be transmitted out on the repeater a level which can be easily handled by the physical media, 

port connected to fiber optic media S6 and would arrive Referring to HG. 3, there is shown a block diagram of 

computer 26. another embodiment of an integrated hub/bridge with redun- 

One of the advantages of integration of the hubs and 5 dant network two transceivers. A repeatei/controner 90 has 

bridges in the sample network of FIG. 1 isthat it substan- a plmamy rf repeater ports 92 each of which is coupled to 

?fy "I 00 ? 5 . c05t . f *« nctwo f ( Tms £ m . Pi*; a hub interface circuit such as the port 1 transceiver circuit 

because the hubrtwdge mtegraUon ehmuiates much atomy ' 94 , 2 transceiver circuit 96 orthe port 24 transceiver 

needed to couple each hub to a bridge wi(h the assooated ^ % rf transceiver circuits interfaces 

LAN controUas and transceivers needed to do this. Network 10 ^ nctwork k tQcol 

managemenlM teaffic is also reduced because there «c fewer ^ ^ atei/controller 90 and the particZphysical 

neftvoric addresses of maclunes which must be addressed by ^ appropriflte t0 fte p hysi cal media betog used 

network rnaaager traffic. TypicaUy a network manager wffl me a^r physical media is represented by lines 

be coupled to one of the hub/bridges by a terminal and will 1IU1 . 1<u „. . J" . 

addresi management commands to any of the network „ " 2 ^ 1110 ty*?****? T Y 

«ucn luuigouui LU ' U ™ ,U ™ u-n. j t7 15 twistedpair in die case of a lOBaseT hub, coaxial cable in 

unplcmentog mom on the network These commands will / l 0 Base2hub, or fiber optic wave guides in the 

be forwarded as f^^f^f^Jf case of a lOBaseF or an FOIRL hub^tc. All of L examples 

^^^V^^w^bc^a^«^ly ^ mfa[ rhc Ethernet network data linkkyer 

the machine to which they are addressed and executed. By rl . „ ■ FDrt . - „ - f , ^ 

, . . « . / » x < protocol, however the teachings of the invention are appli- 

having fewer boxes that need to be managed and fewer w ^ tQ nctWQrk k or physical £ cr 

addressees management traffic, which represents net- protocol such as Token Ring, FDDI, etc. Further, the teach- 

worK ovemeaa, is reaucea. . of ^ m equally applicable to any commu- 

FIG. 2 shows a highly simplified block diagram of an model such as OSI md ^ transport layer protocol 

embodiment of mebroad concept according to the teachings sucb „ TCP/ff > XNS, IPX, Appletalk, DECnet, and SNA. 

of the invention. The hub 140 and bridge process 142 are 25 A , * ^ * * A - _ . * - 

integrated in the same system and are supported by the same Any ^ received through any one of the port mterface 

physical support structure and housed in the same housing. ff cmts such as port 1 circuit W 13 autor^odly repeat«lby 

The hub 140 is connected to a plurality of individual ^^^fZ P f] ^ * 

transceiver lines shown collectively at 166. In addition, the "J W ? M ^ ^ " ds ° T!£ °^ ? 

hub and bridge functions share certain physical assets such 30 *™ F* 106 and is also ^ansnutted on « . network ok data 

as the CPU 144 and the memory 146. In a sense, the LAN J 08 * ^ i^^u ^J*^?* 

2 interface 148 is also shared, because in the bypass mode ™ 6 fe a specific port which can Decoupled to a 

switch 150 is connected so as to couple an AUI port 152 of ^Tl^TL^ *WP*^*» * c P?*«*» 

the hub 140 to LAN 2 through the lXn 2 interface 148. In g»y«tad media to be ^.Thti^^ d^pM and 

bypass mode, LAN 1 and LAN 2 comprise a single local 35 ^u^TVu J dotations 

areTnetwcrk. Because the AUI port ofme hub 140 cannot AO port is set by a national stantodmaccortocew^ 

drive any physical media, the LAN 2 interlace 148. is OTI ^ A ^ 0 ^ # ta ^ ^ P^ 00 ^ ^ 

necessary to merge the machines coupled to LANs 1 and 2 ^ However, the AUI part itself can drive a 50 meter AUI 

into a single network even though me physical media of transc«ver cable, but cannot dnve the p^sicalmedia of the 

LAN 1 and LAN 2 may be different 40 netwo * ^ ovt a smtahle nttwark interface transceiver. 

In the preferred embodiment, the bridge process 142 is a . ™ e A ™ P 0 * 106 ^ 30 i^P^ant role in implement- 
software process carried out by the central processing unit in S a novcl feature of some embodiments of me invention 
144 using memory 146 and the bridging software routine ^ by^s mode In ^bypass mode the bridging function is 
described in flow charts given below and detailed in the bypassed, and the backbone port is treated as just another 
source code appendix attached hereto. In other 45 ^P 63 ** 1 P 011 * 10 ^ tn ^ s ^ physically implemented by 
embodiments, the bridge 142 may be a hardware circuit connecting the AUI port 106 to a software controlled switch 
which operates either autonomously or under the control of U2 bv P ass mod f- 112 ^ s * & bv P ass f 0 ^ so « 
central processing unit 144. In either type embodiment, the to conncct taminal 114 to line 116. Line 116 can be coupled 
hub and bridge functions will share the central processing t0 the ^ input/output port of either of two LAN interfaces 
unit and will be managed by the CPU implementing network 50 118 and 120 another switch 122. Switches 112 and 
management functions. 122 ^ De software controlled in some embodiments and 

Bypass mode is useful for providing flexibility in network " othcr embodiments, 

designs. It is most useful in planning for network growth The function of the selected LAN interface 118 or 120 is 

where local area networks 1 and 2 may be connected to drive whatever physical media is used for me bacH>one 

together as single network when the level of network traffic 55 P 01 * connection 124 to network two. This backbone port 

is small enough such that the bandwidth limitations of the physical media may be twisted pair, coaxial cable, fiber optic 

physical media do not impose a ceiling on the number of waveguide, etc. The purpose of having two LAN interfaces 

machines which may be connected. However, when the A and B is to provide fault tolerance redundancy such that 

number of machines coupled to the network grows and the if onc fails, the other may be used. Both of the switches 112 

volume of traffic approaches 10 Megabits per second, the 60 122 **e controlled by a microprocessor 126 in the 

CPU 144 in FIG. 2 can alter the state of switch 150 such that preferred embodiment. This microprocessor is shared by all 

the AUI port 152 is no longer coupled to bus 160 directly and of » e circuitry in the integrated hub/bridge 130. Normally, 

bridge mode becomes active. When the bridge is active, tbc nucroprocessor 126 will establish the position of soft- 

because only traffic on bus 162 which has a destination ware controlled switch 112 during ah initialization phase at 

address identifying a machine connected to local area net- 65 power-up time. 

work 2 will get through to LAN 2, the number of machines During initialization, data is written via data bus 127 to 

effectively sharing each network is substantially cut down. the repeater/controller 90 to set this device up for operation. 
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The microprocessor 126 also reads data written by the user Hie microprocessor 126 processes received data to be 

(or a front panel switch position in some embodiments) to input to the bridging process by accessing memory 170 

determine whether bridge or bypass mode is desired. If using a pointer to the received packet sent with the interrupt 

bypass mode is desired, microprocessor 126 send a control from the LAN controller. The microprocessor reads the 

signal to switch 112 so that terminal 114 is connected to line 5 destination address and consults the forwarding table. If the 

116. If bridge mode is desired, switch 112 is controlled such packet is to be forwarded, the microprocessor "deposits" the 

that terminal 132 is coupled to line 116. Terminal 132 is ^ packet m the transmit buffer corresponding to the 

coupled to a LAN 2 controller 180 which is driven by the appropriate network by rearranging the pointers on the 

bridge function carried out in software by microprocessor ^ of ^ transmit buffer to point to the new data 

126 LAN 2 controller is the network two interface for the w padcet tQ te tIZIiSEAt ^ d m sequence. The LAN controllers 

integrated bridge. wc ^,3^^ requesting access. to the memory buses 

The mcroprocessor 126 has multiple -duties including: ^ h th e DMA controller 172 and the arbiiration PAL 196 

being shared by both the hub and bridge presses for ^ s ^ ^ e ^ 

taitiabzation on-line, in-band] nanagonent and carrying out * *~ . 

bridging duties in some embodiments although the bridge " /'^ V1 ~ k , " ,, nJi T r iao * 

fun7uon could be carried out by separate circuitry in some * *™fcd to the r^ter/controUer 90 via data bus ^108 for 

embodiments. The microprocessor is only indirectly ° n * P<^ ^ me case cf the I^N 

involved in the hub process since the repeater/controUer 90 2 controller 180, these data packets are forwarded to the 

does the retransmission work without intervention by the LAN 2 interface circuit 118 or 120 selected by switch 122 

microprocessor. The imCToprocessor can intervene in this for transmission on the network 2 media, 

process in executing management commands such as turn- 20 The local area network controllers 110 and 180 manage 

ing ports on or off and will report certain status data back to pointers for their FIFO buffers so as to keep track of the 

the network manager such as port polarity status, per-port addresses where the last message stored in the receive queue 

error rate etc. In the bridge function however, the micro- | s located and the address of the next packet to be transmit-, 

processor plays a central role in executing the software that tc 4 m mc transmit queue and to keep the linked lists properly 

carries out the forwarding function. In most embodiments, 25 FIFO ordered, 

the in-band management process runs in background while _ , *1 

the hridgeprocesriuns in foreground. . ^of*oces«*^ 

T .u \.Ja~i. j„ ,,„♦„ _„~T ,„ ... . tnm .„A.A m the memory 170 where in-band management commands 

in^bdd^g^e dmp^^btt^^m storC d teim^JnttflTunfflT management 

local area network 1, 140, to local area network 2, 124, M . . u i j j ~. . 

where appropriate, while in the bypass mode, local area 30 F^ s > ™* ^ b ^>** d can acccss ™ d 

network 1 andlocal area network 2 will be merged and will execute me *»» d to <f 01L 

all be considered the same local area network by the hub. Arbitration logic 196 is used to grant access to the 

The bridging function is carried out in the embodiment of buscs to some ar^ci>riate access proto- 

FIG. 3 as follows. When a packet arrives from local area «*- * son f mepcotocolimplit be first-come 

network 1, it is repeated on network one data bus 108 and 35 first-served, while in other embodmients me access protocol 

received by LAN 1 controller HO. The LAN 1 controller 110 ^ use s u ome » bcfcweca me DMA device 

then cooperates with a DMA controller 172 to store the data 172 and mc nucroprocessor 126. 

packet in a receive buffer for network one in memory 170. A multiplexer 186 under control of the arbitration PAL 

At initialization time, the LAN controllers 110 and 180 are selectively connects the address bus 188 of the memory 

informed by the microprocessor 126 of the starting and 40 170 either to the address/control bus 190 of the DMA device 

ending memory locations of receive and transmit FIFO 172 °* me address/control bus 192 of the microprocessor 

buffers in memory 170 for each of networks one and two. In ^ in accordance with a control signal on line 194. The 

some embodiments, the receive and transmit buffers are arbitration logic 196 also generates the row address strobe 

implemented as FIFO buffers using linked lists in memory and column address strobe signal (RAS*/CAS*) on line 198 

170. In other embodiments, separate FIFO memories could 45 so as to time division multiplex the bus 188 between 10 bits 

^ use<1 of row address and 10 bits of column address. The arbitra- 

Since the microtrocessor 126 also uses memory 170 to tiott lo & c }*> d *> me microprocessor 126 address 

store the forwarding table entries for the bridging function, c ° atro1 «aw input mformation by a connection 

the data, address and control buses of the memory 170 must not sh °wn in FIG. 2. 

be shared between the DMA controller 172 and micropro- 50 Arbitration of the memory data bus is carried out through 

cessor 126. The details of how this bus sharing is carried out tri-state buffers 200 and 202. Tri-state buffer 200 selectively 

arc not critical to the invention and any bus arbitration connects the data bus 204 of the DMA device to the DRAM 

scheme will suffice for practicing the invention. In the memory data inputs 128 coupled to the LAN controller data 

preferred embodiment, when the LAN controllers receive outputs when a chip select signal on line 206 is true, 

packets, they request the DMA controller to store them, and 55 Likewise, tri-state buffer 202 couples the data bus 127 of the 

the DMA controller requests bus arbitration PAL microprocessor to the memory data inputs when a chip 

(programmable array logic) far access to the bus. If bus select signal on line 208 is true. These chip select signals are 

access is not immediately granted, the local area network generated in some emrx>diments by an address decoder gate 

controllers 110 and 180 can temporarily store data packets in array 197 coupled to the microprocessor address bus. In 

internal buffers. When a data packet arrives and is stored in 60 other embodiment, they may be generated by arbitration/ 

the receive buffer, an interrupt to the microprocessor is PAL logic 196 so as to control and arbitrate access to the 

generated by the LAN controller which received the packet DRAM data inputs as between the DMA device 172 and the 
This tells the microprocessor which network is the source of microprocessor 126. 

the packet and that the bridge process detailed below must As in the case of the embodiment of FIG. 2, micropro- 

be performed. The flow chart of FIGS. 5A and 5B below are 65 cesser 126 is shared by the hub function and the bridge 

the processing of an interrupt service routine which services function. Specifically, the microprocessor sends data to the 

the LAN controller interrupts in some embodiments. repeater/controller circuit 90 at initialization time to set the 



03/24/2004, EAST Version: 1.4.1 



5,737,525 

13 14 

circuit up for operation, sends data to it during operation to cause entries to be made in the bridge database if an entry 

do certain things like tarn ports on or off and receives data for the source network address does not already exist 

from the repeater/controller regarding status for purposes of Therefore, an address will be put in the bridge database 

replying to management inquiries regarding port status. Data w hen the machine having that destination address either 

is sent to and received from the repeater/controller 90 via the 5 sends or receives the packet 

data bus 127 using a tri-state buffer 210. This tri-state buffer - ^w^;~™*. u„m«- ^w„k„«~ ™ «**~a 

, . P . . , , • 1 « j In some emtodiments, the bridge database can be stored 

receives a chip select signal on line 312 generated by address . , , ^ . 431 ryAX . , .« 

decoder 197 or arbitration/PAL control logic 196. He J""™*"* mcmor y « ^-volatile RAM and the 

J* « * , i • i * bridge process can cross-check the accuracy of the badge 

address decoder or arbitration logic 196 also generates a ^ JL ; each ^ Dacket k handle(L ^ is ^ en \ 

addres^conlid bus 192 on toe rmaoprocessor throu gh to ^ destination address, and the packet will be 

fce address and control inputs 216 of the repeater/controller tf ^ accord lZ to ^ ^ noted ^ 

circuit 90. Once the microprocessor has been granted control aw»uiii K »uovc uuwuiuiw. 

-.^ . j „ . *^ . . . , „ „- However, if the acknowledgement message comes back 

of these buses, data may be sent to the repeater/controller 90 . .._ . . V* , 

t » fc,!n,n™ it Irh, ii in ™m, nit »hi. ...n.^..! through a different network controller than the network 

to initialize it or to cause it to carry out cemkrnanagement 15 forwarded, the bridge 

D £T S ' °J t™*" 6 ^ tos ^ 0 ^ on * e ^°™ i " 50me . rirocesswfflreahKthattL.nac^ 

embodunents. to the preferred ernt^d^nt, status informa- ^ ^ ^ relocated to a Cerent network 

fan. travelling from the repeater/controller 90 to toe nucro- and ^ ^ en ^ for &at 

processor is sent by the repeater through the LAN 1 con- address, 

troll er. *q 

In some embodiments, the bus arbitration logic may be There are three basic types ofbridges and various types of 

eliminated altogether and separate memory circuits may be ™T J**""* toow * * the prior art Any of these known 

used for all entities which need random access memory. badge or router machines or software processes that carry 

_ j* * , _„ * j_t_ - i_ j 4 u j. out bridging or routing processes, when integrated with a 

Referring to FIG. 4, there is shown a data flow diagram . , - rf. ' . ... *\ 

. . ~r j . ?- ... ■ *..«„ ,l S[„ nub so as to share certain common circuit elements are 

showing the data paths which exist between die three 25 ^ me s of me teaaiin of me That is, 

ongoing software processes ;of Jhe preferred embodmient ftedetaflsof .^ Wdgeorro ^ gproccssareno , criticalto 

and several hardware and data so-uctares which are involved lnventlon . Any toown bridge or routing machine or 

therewith. In the preferred embodiment, a bridge process "^^ 3 7^ m s Xe 

260 is carried out in software in the foreground mode. As ^ 

described above, the bridge process receives data from and 30 M brid 8 es P^vide network connections at the data link 

sends data to a LAN 1 controller 262 via FIFO receive and laver ^ , OSI model The first type of bridge is a 

transmit buffers in random access memory (not shown). This transparent bridge. This bridging function provides network 

process is symbolized by arrows 263. Likewise, the bridge connection to local area networks that employ identical 

process sends data to and receives data from a LAN 2 Protocols at the data link and physical layers. A transparent 

controller 264 in a similar manner as symbolized by arrows 35 ^ brid 8 e P laces no burden on the physical devices which 

266. When the bridge process is active, ie., when the m attempting to communicate. These devices take no part 

hub/bridge is not in bypass mode, a bridge database 268 in in the route discovery or selection process. From the 

random access memory is consulted for each incoming data device's point of view, it appears that all devices are resident 

packet The purpose of consulting the bridge database is to on a sin ^ extended network with each device identified by 

determine whether or not the data packet should be for- 40 a unio * uc address. Processing by a transparent bridge can be 

warded to the other network controller. The bridge process summarized as follows: 

will forward the data packet to another network controller (1) the bridge reads the data link layer destination 

other than the network controller from which the data packet addresses of all messages transmitted by devices on 

was received if the bridge database 268 contains an entry LAN 1; 

indicating that the machine having the destination address of 45 (2) the bridge ignores all messages addressed to devices 

me data packet is not coupled to the network driven by the on LAN 1; (3) the bridge accepts all messages 

controller from which the data packet originated. If there is addressed to devices on LAN 2, and, in the physical 

only one other network serviced by the bridge, the bridge layer and data link layer protocols common to both 

process will forward the data packet to the network control- networks, relays these messages to LAN 2 (4) the 

ler driving that other network* However, if the bridge 50 bridge performs identical functions for all messages 

process serves more than two networks, the bridge process transmitted on LAN 2. 

will consult the bridge database to determine which network Obviously such processing requires that the bridge 

is coupled to the machine having the destination address of acquires some knowledge of the location of devices. All this 

the data packet and forward the data packet to the appro- information could be manually configured in some 

priate network controller driving that network Further, the 55 embodiments, but in the preferred embodiment, a learning 

bridge process will forward the data packet to another function is used to acquire device addresses, 

network controller if there is no entry in the bridge database The bridge learns addresses by reading the data link 

indicating where the destination address lies. source address of each message that it receives. 

The bridge database is built anew each time the machine In some embodiments, the . forwarding table entries 

is powered up. Therefore, while the bridge database is 60 include a timer value that indicates the age of the observa- 

building, more packets will be forwarded to the other tion. 

network controllers than are actually necessary until the The translating bridge is a specialized form of transparent 

bridge database contains entries for substantially all the bridge. This type bridge provides network connection ser- 

destination addresses on the network serviced by the bridge vices to local area networks that employ different protocols 

process. However, in most protocols, each destination 65 at physical and data link layers. Fox example a translating 

machine issues an acknowledgment message after it receives bridge would be used between a token ring protocol local 

a data packet, and these acknowledgement messages win area network and Ethernet protocol local area network. . 
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A translating bridge provides connection services by 
manipulating the "envelopes" associated with each type of 
local area network. Processing performed by a translating 
bridge, is relatively straightforward because the Ethernet, 
Token Ring and FDDI envelopes are somewhat similar. 
Each local area network type, however, sends message of 
different lengths. Because a translating bridge cannot frag- 
ment messages, each local area network device must be 
configured to transmit messages of the supportable length. 
For the example of a translating bridge being used between 
Token Ring and Ethernet networks, translating bridge pro- 
cessing can be summarized as follows: 

1. The bridge, using the physical and data link layer 
protocols employed by LAN 1 (the Token Ring 
protocol), reads the data link layer destination 
addresses of all messages transmitted by devices on 
LAN 1. 

2. The bridge ignores all messages addressed to devices 
on LAN 1. 

3. The bridge accepts all messages addressed to devices 
on LAN 2 (the Ethernet protocol), and, using the 
physical data link protocols employed by LAN 2 relays 
these messages to LAN % 

4. The bridge performs identical functions for all mes- 
. sages transmitted on LAN 2. 

The second bridge type, an encapsulating bridge, is gen- 
erally associated with so-called **backbone" topologies, In 
such a topology, several local area networks will be coupled 
by several bridges to a high volume backbone of such as a 
fiber optic FDDI protocol A typical example of such a 
topology would be for Ethernet local area networks linked 
together by a high speed FDDI backbone. Each local area 
Ethernet network would be connected by an encapsulating 
bridge to the FDDI backbone. This would be necessary 
because the inter-network connection (the backbone) is 
coupled to networks mat uses different physical and data link 
layer protocols. 

Unlike translating bridges which manipulate the actual 
message envelope, encapsulating bridges place received 
messages within a backbone specific envelope (thus, the m 
term encapsulating) and forward the encapsulated message 
to other bridges for eventual delivery to the message recipi- 
ent Id the following example, four Ethernet networks are 
coupled to an FDDI backbone by four encapsulating 
hridges. The four bridges coupled to Ethernet networks 1 
through 4 will all be referred to as bridge 1 through bridge 
4. In the foregoing example, a message from a device on 
local area network 1 intended for a device on local area 
network 2 will be processed by an encapsulating bridge as 
follows: 

1. The bridge coupled to local area network 1, using the 
physical and data link layer protocols employed by 
network 1 (Ethernet), reads the data link layer destina- 
tion addresses of all messages transmitted by devices 
on network 1. 

2. Bridge 1 ignores all messages addressed to devices on 
local area network 1. 

3. Bridge 1 accepts all messages addressed to devices on 
other local area networks, places these messages within 



5. Bridge 2 receives the message, removes the outer 
envelope and checks the destination data link address. 
As the address is local, bridge 2 uses Ethernet physical 
and data link layer protocol to forward the message to 
the destination device. 

6. Bridge 4 receives the message, removes the outer 
envelope and checks the destination data link address. 
As the address is not local, bridge 4 ignores the 
message. 

7. Bridge 1 strips the encapsulated message from the 
FDDI backbone. 

The third type of bridge is called a source routing bridge. 
This term was coined by IBM to describe a method of 
bridging frames across Token Ring networks. Source routing 
requires that the message source (not the bridge) supply the 
information needed to deliver a message to its intended 
recipient. 

Within a source routing network, bridges need not main- 
tain forwarding tables. Rather they make the decision to 
forward or to drop a message solely on the basis of data 
contained within the message envelope. To implement such 
a scheme, each routing device determines the route to a 
destination through a process called route discovery. Route 
discovery can be accomplished in several ways. 

One way is to implement a route discovery process using 
so-called "explorer packets." Each explorer packet has a 
unique envelope which is recognized by all the source 
routing bridges in a particular network configuration. When 
a device coupled to one local area network wishes to send a 
message to a device coupled to another local area network, 
30 the source device sends out an explorer packet which 
reaches one or more of the source routing bridges. Each 
source routing bridge adds its own name and the network 
connection from which the explorer packet was received in 
a section of the message envelope called the routing infor- 
mation field. Each source routing bridge then floods all of its 
network connections with copies of the packet 

Ultimately, the destination machine receives multiple 
copies of the explorer packet each of which has taken a 
different route through the network configuration. The route 
that each packet took can be traced from the information in 
the routing information field of each explorer packet 

The recipient machine then picks one of the packets for 
use earner randomly or according to some criteria which is 
not critical to the invention such as the most direct route, and 
sends a response message back to the originator which lists 
the specific route to be used in communicating with that 
device. The source device then receives this message and 
records the route to be used in communicating with the 
destination device in a memory which stores routing infor- 
mation for each device for which a route has been discov- 
ered. Subsequent messages are enclosed in a different type 
of envelope which is recognized by source routing bridges. 
These bridges then consult their routing tables for the list of 
connections in bridges and forward the message based upon 
the routing information stored in memory. 

Routers are different from bridges in that routers connect 
devices at the network layer of the OSI model The con- 
nected networks may have different protocols at the data link 
and the physical layers. Routers actively select paths to use 
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an FDDI specific envelope addressed to all bridges 60 in connecting one device to another based on certain factors 



(such a collective address is called a multicast address), 
and sends this envelope across the FDDI backbone. 
. Bridge 3 receives the message, removes the outer 
envelope and checks the destination data link address. 
As the destination address is not local (the destination 
address is a device coupled to local area network 2) 
bridge 3 ignores the message. 



65 



such as transmission costs, network congestion, transit delay 
or distance between the source and destination. Distance is 
usually measured in terms of the number of routers that must 
be traversed between the source and the destination, Routers 
are not transparent in that the devices which wish to use the 
services of a router must address their messages directly to 
the router. 
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Each local area network has a unique local area network cesses are symbolized by the hub/bridge in-band manage- 

address which is resident in the network layer of the OSI mcnt process 280 and the console command process 282 in 

model Likewise, each device on a local area network has its FIG. 4. The in-band management process 280 consists of a 

own address which is unique to that local area network. This number of subroutines each of which is capable of carrying 

is the data link layer address in the OSI model. A complete 5 out a particular management function. These management 

device address then in a routing environment will be either functions are well-known to those skilled in the art and will 

the addition or concatenation of the network layer and data not be detailed here nor are the details of the in-band 

link layer addresses. management process critical to the invention. The teachings 

Each source device, after preparing a message packet, of the invention contemplate the fact that a single in-band 

compares the source address with the destination address 10 management process may be shared by both the hub and the 

and recognizes whether or not the message can be sent bridge functions and this management process is distributed 

directly to the recipient on the network segment to which the in the sense that it is contained within the same housing as 

source device is connected or whether the message must be the integrated hub and bridge hardware so no failure 

routed. If the message must be routed, it is placed in an outer between the network address of the hub/bridge circuitry and 

envelope with an address of the first router to which the 15 the network address of the management process can cause 

message must be sent The targeted router then opens the the hub/bridge circuitry to be uncontrolled, 

outer envelope and looks at the destination address. Also, to implement one aspect of the "open system** 

However, the router has multiple addresses in its routing architecture, the management process 280 conforms to the 

table, one for each network connection to which it is SNMP network management protocol selected as a national 

coupled. If the router determines that the destination address 20 standard by the Internet Engineering Task Force (hereafter 

is a device on one of the networks to which it is coupled, it IETF). This means that other systems that have management 

sends the message directly to the appropriate network using software can also manage the integrated hub/bridge of the 

the appropriate data link and physical layer communication invention by sending SNMP management commands in via 

protocols. the modem 300, the serial port 298 and the console com- 

If the router is coupled, for example by a wide area 25 mand process 282 and these commands will be understood 
network, to other routers, a router table is consulted. This • by the hub/bridge management process 280 and carried out 
table has entries in it each of which has a pair of data fields. Further, under the prior art SNMP network management 
The first field identifies a destination network and the second protocol, every device connected to a network has data 
field identifies an adjacent router in the direction of that structures called MIBs which are unique to the product 
destination. A message which must be forwarded through 30 MIBs effectively describe every "object", i.e., every con- 
another router will be forwarded by consulting this routing trollable entity and some entities that are "read-only" in a 
table and will be enclosed within an outer envelope and sent particular system and describes the various states that each 
to the adjacent router **in the direction of, the destination entity can assume. The MIB data is used by SNMP man- 
address. This second router will open the envelope of the agement processes to control or read the objects thereby 
message when it is received, do a network address compari- 35 allowing management of the system described by the MCB 
son and then forward the packet directly to the destination data. To implement the open system architecture of the 
device. hub/bridge according to the teachings of the invention, the 

Routrxs use routing protocols to exchange information electronics and software of the hub/bridge 130 according to 

about the network. the "open architecture'' species within the genus of the 

These routing protocols are software routines which run 40 invention implement the following national open systems 

in the router. The exchange of information implemented by Internet and TCP/IP based standards: RFC 791 (Internet 

these routing protocols eventually causes the routing tables Protocol); RFC 792 (Internet Control Message Protocol); 

in all of the routers to converge so as to reflect the same RFC 793 (Transmission Control Protocol); RFC 768 (User 

network topology. Datagram Protocol); RFC 783 (Trivial File Transfer 

There are two types of routing protocols. The older type 45 Protocol); RFC 826 (Address Resolution Protocol); RFC 
distance-vector protocol periodically issues broadcasts 854 (Telnet Services); RFC 903 (Reverse Address Resolu- 
which propagate routing tables across the network. These tion Protocol); RFC 1058 (Routing Information Protocol); 
routing protocols are useful mainly for small and relatively RFC 1157 (Simple Network Management Protocol) RFC 
stable networks. Large and/or growing networks generally 1213 (MIB JT); RFC 1286 (Bridge MIB); RFC 1317 
use data link-state protocol exemplified by the IS-IS routing 50 (RS232-Like MIB); RFC 1368 (Repeater MIB); RFC 1398 
protocol of the OSI model Link state protocols send routing (Ether-Uke MIB); Draft RFC 8023 MAU; IEEE Standard 
information only to reflect changes in the network topology. 802.1(d) Spanning Tree Algorithm, Filtering by Protocol. 
While distance-vectorrouting protocols always pick the path All the foregoing national standards are published by the 
with the fewest number of routers between the source and ikkr or the IETF and are hereby incorporated by reference, 
the destination, link state protocols are different Link state 55 . What the foregoing means is that the hub/bridge accord- 
protocols can use multiple paths for failure recovery and ing to the teachings of the invention can be mixed into a 
load balancing of message traffic. Link state protocols also network environment with equipment made by other manu- 
allow users to specify selection of routes according to delay, facturers that support the same national standards and all the 
throughput, or reliability concerns. equipment will work together. Further, the invention con- 
Referring again to FIG. 4, the teachings of the invention 60 templates that the bridge, hub and all other MIB descriptions 
also therefore encompass substitution of any of the known are all integrated into one easily manageable entity such that 
bridge types or a routing process for the bridge process installation is simplified in that the installer does not have to 
symbolized by block 260. In the case of a router, routing learn the complexities of the installation process for a hub 
tables would be substituted for the bridge, database 268. and men learn the complexities needed far a separate bridge 

In some alternative embodiments, the microprocessor 65 circuit installation also, 

shared by the bridge functions also runs two background An important aspect of the invention is in the "network 

processes for management purposes. These background pro- slice" stackahle architecture implemented by the integrated 
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hub/bridge. This architecture is especially useful in small possible, because the management process is located on a 

networks and to solve the problems noted above with card that must fit in a slot in the concentrator, so unless the 

concentrator technology. Fundamentally, a "network slice" isolated pocket of users has their own concentrator, the 

is a small, stand-alone repeater with integrated bridge and network segment they are on cannot be managed from the 

integrated management More specifically, as the term is 5 main network 

used'herein, the genus of machines each of which may be fc Aj mentioned previously, the most important species m 

referred to as a "network slice" is a stand-alone hub or DCtwork shec" genus has "open architecture". Another 

repeater with 26 or fewer ports, having its own enclosure ^<f* n ^i^™* 7 ""25 

V . v\T .! u a v^,w^i:«k# a function is bypassed and the two LAN segments connected 

and user mterface switches and moicator light, and having a t0 dther side J £ me are connected together to form a 
built-in, i.e M integrated bridge to couple the repeater ports to 10 smg i e laN 

a backbone, a local backbone or another repeater and LAN ^ &e broadcsi opcn architecture species of the invention, 
segment, and having distributed management, Le., a collec- me software executed by the microprocessor 144 of the 
tion of subroutines in the control software that can under- bridge/hub 130 in FIG. 2 will implement only the Internet 
stand management commands and requests for data origi- protocol defined by the national standard RFC 791 on the 
nated by a network administrator. An important species of 15 network layer of the ISO model. This specification is pub- 
this genus has a bypass mode to allow small networks to Ucly available from thc IETF and defines the network layer 
grow beyond the Ethernet 10 Mb/sec speed limit and then protocol used on Ethernet and defines, among other things, 
turn off bypass to allow both segments on both sides of the how destination network addresses and destination node 
bridge to have traffic at less than the 10 Mb/sec limit. addresses are used to route data packets to the appropriate 
Another important subspecies of this genus is remotely 20 machines on the LAN. This species of network slice would 
manageable. be a device which would not understand SNMP management 

Network slices can solve the problems of. concentrators commands, 
noted in the background section of this application by There is a virtual necessity in the open systems market for 
allowing a network slice to be located out at the location of network devices which can be managed from devices made 
a group of users which is too small to justify having a 25 by other manufacturers. The vehicle to achieve this intcrop- 
dedicated concentrator* The network slice is substantially erability is through implementation of the SNMP manage- 
less expensive than a concentrator and can handle up to 26 ment protocol. Therefore, an important species of thc net- 
users connected to each network segment on either side of work slice genus of the invention is a network slice, as that 
the bridge so substantial pockets of physically isolated users term was earlier defined herein (a network slice includes 
can be handled relatively inexpensively. Network slices are 30 on-board "distributed management" functionality) with 
"stackable" in that the individual network slices can each open architecture. Such a machine includes, in the software 
stand alone or work together to handle large networks via executed by the microprocessor 144, routines which imple- 
connections to each other over local backbones", ie., ment the SNMP (simplified network management protocol) 
network segments coupled to the integrated bridge which defined in t he nat ional standard RFC 1157 specification 
may have different physical media and protocols than the 35 published by IETF at the session and/or presentation layer of 
network one LAN segment coupled to the hub. This means the ISO model. The SNMP protocol routines in the control 
that as the network grows in number of users, new network software interface to the Internet Protocol on the network 
slices can be added in smaller increments than would be layer through software executable by microprocessor 144 
possible if concentrator technology was used, and this costs which implements thc User Datagram Protocol define d in 
less. Thus, in the hypothetical situation posed in the back- 40 the national standard RFC 768 published by the IETF, 
ground section of this application, the remote network slice Although open systems management requires SNMP 
located at the pocket of physically separated users can also management protocol to be implemented in the control 
send data to other network slices at the parent company or program, the network slice genus does not require that the 
on a different floor via the singje line of the local backbone distributed, ie., on-board management process be restricted 
connection. This can save substantially in installation costs 45 to only understanding SNMP commands and requests. The 
by eliminating the need to run separate cables for each user network slice genus can also be managed directly via direct 
from the physically isolated pocket of users back to the main connection of the network administrator's computer to the 
concentrator. Of course, a local backbone LAN segment can RS232 port 298 in FIG. 4 or via a modem In such an 
be used only if the distance between the network slices is embodiment, it is necessary for the control program 
small enough to be less than the matimnm allowable range 50 executed by the microprocessor 144 to have routines that 
for the media type used for the backbone connection. If the implement the Console Command Process 282 in FIG. 4 to 
distance is larger than this ma ximum distance, the network issue appropriate commands and requests for data to the 
two segment is replaced with a WAN transceiver (wide area bridge process 260 or the repeater/controller 288 via data 
network media access unit or MAU). paths 306 and 308, respectively. However, if management of 

The fact that a network slice has on-board integrated 53 the network slice is to be done 'in-bahd" via packets sent 
management software means mat the network slice can be over the Ethernet™ LAN, then those skilled in the art will 
remotely managed. This is a substantial advantage in a appreciate that the control software executed by the micro- 
situation where a concentrator serves the main network but processor 144 must include routines which implement the 
mere is an isolated pocket of users which is too small to TELNET Services protocol defined by IETF in their national 
justify another concentrator but with users who need to share 60 open systems standard RFC 854, th e Transmission Control 
assets on the main network. With a network slice, the Protocol (TCP) defined by IETF in their national open 
network administrator can run the management process on a systems standard RFC 793 as well as the Internet Protocol 
work station coupled to the main network and send man- (IP) defined in RFC 791 along with the In ternet Control 
agement commands and data requests either in-band over Message Protocol (ICMP) defined in IETF national open 
the backbone connection or via modem to the management 63 systems standard RFC 792 and thc Address Resolution 
process resident in the network slice located out with the Protocol (ARP) defined in RFC 826 as well as the Reverse 
isolated pocket of users. With a concentrator, this is not Address Resolution Protocol (RARP) defined in RFC 903. 
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The way this all works together to allow in-band man- Intelligent hub allows ports to be turned on or off, provides 

agement of the network slice via a non-SNMP management error correction and can provide statistics regarding traffic 

process is as follows. When a management packet arrives at volume. 

a repeater port, the physical layer hardware and software The sole job of the hub/bridge in-band management 

examines the MAC,ie^ Ethernet destination address thereof 5 F 00055 280 is to receive so called in-band management 

(which will be the MAC address of the bridge process) and commands and status inquiries and to process them. In-band 

causes the packet to be directed to the bridge process 260 in management commands and inquiries arc basically manage- 

HG. 4. from there the packet is directed to the in-band meat messages which arrive like other data packets through 

management queue 284 in FIG. 4 and ultimately is retrieved co **f m such f dcviccs 262 

for processing by the hub/bridge in-band management pro- l0 or 264 in FIG. 4 This allows me nerwork manager to 

cess 280. Tnis process 280 includes routines which iJpl* 13^^ S 

iAt m rz-rk m a ti a . r. Ar > A . . . , connected to only one component thereof, 
ment the IP^CMP, ARA, and KARA protocols previously To ^ management process, the 
mentioned. Tnese protocols examinethe data pomon of the ^ s ^ 0 monitors ^ packcl fraffic 
data link layer packet received from the port and derive the ^ me local area network controllers 262, 264 for 
Destination Network Address and Destination Node IP u Q^y data packets having a destination address assigned to me 
addresses therein. The resulting data is then passed to (he integrated huh/bridge. These packets are forwarded to the 
TCP protocol which converts the format of the data to text in-band management process. These da t* packets are for- 
strings that the TELNET protocol can understand and con- warded by placing them in a management input queue 284 
verts the IP address to a port or socket address which is implemented as a FIFO buffer in memory, 
assigned to the hub/bridge in-band management process. 20 Typically the in-band management process runs in the 
Hie TELNET terminal emulator protocol then takes the data background, so when a time slice is awarded to the man- 
and converts it from its text string format to a line oriented agement process or an in-band management interrupt 
format that can be understood by the Console Command occurs, the in-band management process 280 reads the next 
Process 282 and passes the data to the non-SNMP Console management command or inquiry in the input queue 284 and 
Command Process 282 for execution in controlling the 25 processes the management function appropriately. This pro- 
network slice. For data passing the other way, i.e., from the cess may involve sending protocol filtering commands to the 
network slice hub/bridge to the remote non-SNMP manage- bridge process 260 via data path 286 or collecting informa- 
ment process in-band via the Ethernet physical media, the tion from the repeater controller 288 via path 290. It may 
reverse sequence of events occurs. First, the TELNET also involve sending commands to the repeater/controller 
protocol converts the line oriented strings of data that it 30 288 via path 292. Likewise, it may involve writing data to 
receives from any object not of an SNMP type and converts a configuration/database 294, or obtaining information from 
that data into text strings mat can be transported by the that database as symbolized by data paths 296. 
TCP/IP protocol These strings must then converted to data Out-of-band management is carried out by the back- 
link layer packets suitable for transmission on the Ethernet ground console command process 282 in some embodi- 
physical media by other routines in the control program 35 ments. Out-of-band management commands and status 
executed by the microprocessor 144 that implement the TCP, inquiries are commands received not as data packets from 
IP, ICMP, and the RARA protocols. The protocols discussed the LAN controllers but received directly from the network 
in this specification are known to those skilled in the art manager's terminal. In some embodiments, these commands 

Other important species of the network slice genus allow are received via a serial port 298 which may be connected 

remote upgrading of the software which the microprocessor 40 to a modem 300 or a terminal In some embodiments, two 

144 executes. In an open systems ernbodiment of a network serial ports may be used, one connected to a modem and one 

slice with this capability v the software of the control program connected to a terminal.. This allows a network manager to 

has routines which implement at the transport layer the dial in via the telephone lines from a terminal at home and 

Trivial File Transfer Protocol (TFTP) specified by IETF in issue management status inquiries and network management 

the RFC 783 national standard. The TFTP Protocol inter- 45 commands via the modem 300. The network manager may 

faces with the physical media through the Internet Protocol also issue any of the network commands or status inquiries 

on the nerwork layer and the EtherTalk™ Link Access via a terminal 302 in his or her office. The function of the 

Protocol on the data link layer. This allows new and console command process 282 is to receive these commands 

improved versions of the control program which controls and status inquiries and interact appropriately with the 

processing by the microprocessor 144 to be loaded into the 50 repeaters, bridge process or configuration/status database to 

hub/bridge by the network administrator via a modem or carry out the desired function. This interaction is carried out 

in-band through whatever network path connects the net- via data paths 306, 306 and 310. In the case where the 

work administrator's machine and the hub/repeater. management command is not addressed to the hub/bridge to 

To understand the significance of the savings in network which the network manager is directly connected, the con- 
management traffic from combining the hub and bridge, 55 sole command process places the command in a data packet 
some information about typical network management com- and places it in the transmit queue of the appropriate 
mands is helpful. Typical of management functions are to network controller so that it will eventually reach the 
turn ports on and off, set protocol filtering, inquire regarding destination component to be managed, 
network traffic volume, inquire as to polarities status at each Referring to FIGS. 5A and 5B, there is shown a flow chart 
port, inquire as to the number of errors which are occurring 60 of the software bridge process used in the preferred embodi- 
on a particular port, analyzing traffic patterns on individual . ment This process starts with the step symbolized by block 
networks and across bridges, collecting data detected by the 340 of getting the next received packet out of the FIFO 
intelligent hub repeater circuits regarding errors and error receive buffer in memory after having received the interrupt 
types on a per-port basis, obtaining statistical data regarding from the LAN controller. 

the number of packets forwarded versus the number of 65 Next, the test of block 342 is performed to determine if 

packets received, configuring the repeaters via software there is any transmission error in the packet If mere is an 

commands, putting the bridge in bypass mode, etc. An error, the packet is discarded, as symbolized by block 344. 
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If there was no error, the process of block 346 is per- warding to the in-band management queue is symbolized by 

formed to update the bridge database. This is done by dashed line 269. The isolate mode can be implemented in 

examining the source address of the packet and the network any manner, but in the preferred embodiment of the inte- 

identification, i.e., the LAN controller, from which the grated hub/bridge, it is implemented by setting the pointer 

packet came and writing this information into an entry into 5 addresses in the forwarding vectors to be described below to 

the bridge database forwarding table. P° mt to a P acket routme ' ' nds is ^ne in the 

Next, the process of block 348 is performed to read the initialization code in the preferred einbodiment, but could be 

destination address of the packet and look for this address in do ° e * umes by the network manager in other 

the bridge database forwarding table. embodiment. Further, m some embodiments, forwarding 

" 7, ^ i -cft-T ~T . . A ^ t - ,„ vectors need not be used, and the badge process can, for 

* ^f*™^™**™^™ edtodetenmneifthe 10 ^ g ^ > y^J^^^ 

destination address is on the same sideof thebndge. i.e M on u ^7 0 dctccminc the current mode of operation and then 

the same network, as the source address from which the ss ^ hlcaadag packets ^^0^. 

packet originated. If the destination address is on the same Referring again to FIG. 5A, if the step of block 356 

side of the bridge as the source address, the packet is determines the packet is a multicast packet, men the step 

discarded as symbolized by block 352. The discard process 15 symbolized by block 360 is performed to copy the packet 

involves rewriting the pointers on the linked list of the ^fter making a copy of the packet, the packet copy is placed 

receive buffer to remove the discarded packet from the in the input queue for the hub/bridge in-band management 

linked list process as symbolized by block 361. 

Next, the destination address of the packet is read to If the step of block 354 determines mat the data packet is 
determine if the destination address is the address which has 20 not an internal hub management packet, or the packet was a 
been assigned to the integrated huh/bridge on which the multicast hub management packet and was copied by block 
bridge process is running. This process is symbolized by 360 and loaded in the management input queue, then the test 
block 354 in FIG. 5A. If the packet is an internal hub of block 362 is performed. This test is to determine if the 
management packet, then the test of block 356 is performed protocol of the packet is a protocol type for which a filter has 
to determine if the packet is group addressed. In some 25 been activated. An active filter condition indicates that the 
protocols, the packets may be addressed to multiple network - usa * «* des^ packets with this communication pro- 
addresses with a single multicast or group address. If the 1 » te ^ > cvc ° * ^^ tion J^ c ^ SUcI J 

i +j a , u . w ^^K^ii^ w«, that the packet would otherwise be forwarded. Protocol 

packet* i no a mulUcast packet then the step symbolized by £ ^ 

U °t\w 8 1 ^ 0imed t0 "^S™ an aSd by the network manager either through an in-band 

T^^tMwg^^ queue symbolized by 30 ^ ^ command orTc^t-of-band management com- 

block 284 in FIG. 4. Note that this monitoring process for ^ CQtcred ^ insole command process syn> 

m-bandmanagementdatapacketsgoesonevenifthebndge bolized by block 282 in FIG. 4. In some situations, it is 

ism bypass mode since there has been no step in the process desirable for example to prevent any Ethernet protocol 

shown in the flow chart of FIGS. 5 A and 5B up to this point packets from being forwarded from an Ethernet local area 

to determine whether the bridge is in bypass mode or bridge 35 network on one side of the bridge to a Token Ring network 

mode. Bypass mode is symbolized in FIG. 4 by the dashed or an FDDI backbone connection on (he other side of the 

lines 265. The process of filtering out in-band management bridge. In this case, the network manager simply sets a 

packets for forwarding to the hub/bridge in-band manage- protocol filter blocking any Ethernet data packets from being 

ment process while in the bypass mode is symbolized by forwarded. This is the purpose of the test on block 362. If 

dashed line 267 in FIG. 4. Also, note that FIG. 4 is somewhat 40 block 362 determines the packet should not be forwarded 

deceptive in that the LAN 1 controller 262 is actually the because it has a protocol which is being filtered out, men the 

network connection for the bridge to the network serviced step of block 364 is performed to discard the packet 

by the repeater/controller shown at 90 in FIG. 2 and 140 in If the test of block 362 determines that the packet protocol 

FIG. 3. Conversely, the network segment "on the other side" is a type which is not being filtered, then the test of block 

of the bridge is symbolized by the network connection to the 45 366 is performed to determine if the data packet came from 

LAN 2 controller 263. LAN controller 263 services the the LAN 1 controller. If it did, the process of block 368 is 

backbone connection network segment. The physical media carried out to read a pointer address from a LAN 2 forward- 

for this backbone connection is shown at 124 in FIG. 2 and ing vector. This pointer address is written during initializa- 

164 in FIG. 3. Note that in FIG. 4 there is no apparent data tion of the integrated hub/bridge circuit by the micropro- 

path between the repeater/controller 288 and the bridge 50 cesser. The particular pointer address written into the 

process, but this data path does exist through the LAN 1 memory location assigned to the LAN 2 forwarding vector 

controller 262. will depend upon whether the user has indicated that the 

In an alternative embodiment, an isolate mode is imple- hub/bridge is to operate in the bypass mode, bridge mode or 

mented in the hub/bridge software. The purpose of this isolate mode. There is also a LAN 1 forwarding vector 

isolate mode is to cut off data packets from being forwarded 53 which is assigned a different memory location. The LAN 1 

between networks one and two. This helps isolate problems forwarding vector also stores a pointer address. This pointer 

on the network for troubleshooting purposes. In isolate address is also written during initialization time, and will 

mode, the bridge process discards all incoming data packets point to a routine which carries out the desired processing of 

from either network except in-band management packets either the bypass mode, bridge mode or isolate mode. Hie 

such that no data packets get forwarded from one network to 60 user indicates in any known manner such as front panel 

the other. In-band management packets get selected from the switch positions which mode is desired. Thereafter, at ini- 

data stream and are placed in the input queue of the tializauon time, a pointer address appropriate to the selected 

hub/bridge in-band management process 280. Thus the mode is written into die LAN 1 and 2 forwarding vectors, 

management of the network can continue during isolate The process of step 368 will read the LAN 2 forwarding 

mode to assist in the troubleshooting process: Isolate mode 65 vector and vector processing to block 370 if either bypass or 

is symbolized by dashed barrier line 264 in FIG. 4, and the isolate mode is selected, or to block 380 if bridge mode is 

process of selecting in-band management packets for for- selected. 
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If the LAN 2 forwarding vector points to die bypass or read the configuration database to determine whether, the 

isolate mode, then the step symbolized by block 372 is hub/bridge is in bridge mode or bypass mode and then cany 

performed to discard the packet. Discarding the packet out appropriate processing to either discard the packet or 

implements bypass mode by virtue of the switch positions, forward the packet to the other network 

e.g. switch SW1 in FIGS. 6A and 6B being set by a routine 5 Referring to FIGS. 6A and 6B, there is shown in a block 

which is not shown to a switch position in bypass mode so diagram of the preferred embodiment of an integrated hub/ 

as to connect the LAN 2 interface 466 or 464 directly to the bridge. Two repeater/controllers 440 and 442, implementing 

Am port of the repeaters 440 and 442. Thus any packet that an Ethernet data link layer communication protocol, drive a 

arrived at a LAN 1 port is automatically sent out on LAN 2, plurality of 24 port interface transceiver circuits indicated 

and vice versa. In isolate mode, the switch positions for, e.g., to generally at 446, 448 and 449. These port interface circuits 

switch SW1 in FIGS. 6A and 6B, are set so that the LAN 2 can be 10Base2, lOBaseT, lOBaseF or FOIRL specific. The 

interface 466 or 464 are connected to the LAN 2 controller physical media connected to the port interface circuits can 

472. Thus, discarding the packet by the bridge process be unshielded twisted pair, coaxial cable, fiber optic 

prevents any transfer of packets from LAN 1 to LAN 2 or waveguide etc Any data entering on any one of the 24 ports 

vice versa. Processing then returns via path 374 to the top of 15 is automatically repeated by the repeater/controller chips 

the bridge loop at 376 in FIG. 5 A. 440 and 442 out on all the other ports. The repeater; 

If the LAN 2 forwarding vector points to a routine for the controllers are also known as RICs in the trade. Data is 

bridge mode, then the processing of step 382 is performed transmitted from one repeater/controller to the other via an 

to transmit the data packet to LAN 2 using the LAN 2 interRIC data bus 450 which is also coupled to a LAN 1 

controller. This is done by the LAN 2 controller placing the 20 controller 452. In the claims appended hereto, this bus is 

packet into the transmit buffer for LAN 2. This process referred to as the network one data bus. The 24 ports 

entails rewriting the pointers on the linked list for the indicated at 446, 448 and 449 comprise local area network 

transmit buffer to include the new packet in sequence in 1 for the bridge process. 

some embodiments. Processing is then returned to the top of Each of the repeater controllers 440 and 442 has a AUI 

the loop via path 375. 25 output port indicated at 456 and 458. The AUI port 458 is 

If the test of block 366 determined that the packet did not coupled to a software controlled switch SW1 which selec- 

come from LAN 1, then in the preferred embodiment, the tively couples either bus 458 or bus 470 coupled to a LAN 

data packet must have come from LAN 2. This is only true 1 controller 452 to a bus 462 depending upon whether the 

in the isolate or bridge modes however, because in the integrated hub/bridge is operating in bridge or bypass mode, 

bypass mode, the switch positions of, for example, switch 30 The bus 462 can be selectively coupled by switch SW3 to 

SW1 in FIGS. 6A and 6B, are set such that the LAN 2 either of two LAN 2 interface transceivers which drive the 

controller is not coupled to any LAN. Therefore, path 367 physical media of LAN 2. A switch SW2 selectively couples 

will only be taken when the hub/bridge is operating in either an AUI port 456 on RIC 440 to LAN 2 transceiver 464 in 

the isolate or bridge modes. In that case, the process sym- some embodiments. This allows the integrated hub/bridge to 

bolized by block 390 is performed to read the pointer 35 have two backbone ports operating simultaneously one of 

address from the LAN 1 forwarding vector and vector which is a repeater and one of which is bridged by proper 

processing to the routine pointed to by that vector. In isolate settings of switches SW1, SW2, and SW3. Switches SW1 

mode, the processing of block 394 is performed to discard and SW3 can be software driven, manually operated or some 

the packet, and control is returned via path 396 to the top of combination thereof. 

the bridge loop. This implements the isolate mode in the 40 In bypass mode, at initialization time, switch SW1 is set 
same way as described above by preventing the transmission by the rniaoprocessor 460 to connect the AUI port 458 to 
of the packet from LAN 2 to LAN 1 as there is no direct bus 462. Switch SW3 is also set during initialization time to 
connection in this mode from the repeater AUI port to LAN select either LAN 2 interface 464 or 466. In 
2. someembcdimcnts, upon failure of one of the LAN inter- 
In bridge mode, the step of block 400 is performed to 45 faces 464 or 466, the rnicroprocessor will automatically 
forward the packet to LAN 1 using the LAN 1 controller by attempt failure recovery by changing the slate of switch 
a process similar to the process of block 382. Of course, in SW3 to select the other LAN interface so as to maintain 
bypass mode, processing will never reach this step, so step communications with LAN 2 in either the bridge mode or 
400 is really only performed for a packet arriving from LAN the bypass mode. 

2 in bridge mode. Processing is men returned to the top of so If the user has selected bridge mode, during initialization 
the bridge loop via path 402. time, the microprocessor will set switch SW1 to connect bus 
In other embodiments, the pointer addresses in the for- 470 to bus 462. This allows the bridge process performed by 
warding vector memory locations may be written at any time CPU 460 in software to drive the LAN 2 interface via a LAN 
by the network manager. 2 controller 472 for packets that need to be forwarded from 
In still other embodiments, where the isolate mode 55 LAN 1 to LAN 2 or vice versa, mcoming packets from LAN 
described above is implemented, the pointer addresses of 2 will arrive via the selected LAN 2 interface 464 or 466 and 
both the LAN 1 and LAN 2 forwarding vectors will be set will be transferred to the LAN 2 controller 472. The LAN 2 
to point to a packet discard routine. In isolate mode, the controller will then generate an interrupt to the CPU 460 and 
switches controlling whether the LAN 2 interface (switch deposit the packet in dynamic random access memory 
151 in FIG. 2, switch 112 in FIG. 3 or switch SW1 in FIG. 60 (DRAM) 478 using DMA controller 480. 
6B) is driven by the LAN 2 controller, Le,, the bridge The bridging routine is embodied in a computer program 
process or by the AUI port of the repeater, are set in the same which is stored in nonvolatile memory in the form of field 
position as they are set for bridge mode of operation. erasable programmable read-only memory 490. This soft- 
Forwarding vectors are used in the preferred embodiment ware also contains the initialization code which sets up the 
to increase the speed of processing of data packets. In an 65 repeaters and sets the switch positions for bypass mode or 
alternative ernbodirnent, forwarding vectors may be elimi- bridge mode and writes the forwarding vector address 
nated and the steps of blocks 368 and 390 may be altered to pointers according to whatever mode is selected by the user. 
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The. initialization routine in pseudocode is as follows: functions to be invoked by the network manager via a direct 

If dynamic RAM test fails: coupling to the hub/bridge. 

Step H> PROM 546 stores the data link layer address of the 

Set up software environment hub/bridge such that in-band management data packets may 

If non-volatile RAM (NVRAM) checksum is OK: 5 ™ ™***!^? ^*"* 0 » address * 
Read system parameters from NVRAM Else ^ %f brid « e V™™ t0 * e nianagement queue in 
ReMtiaKze system to defaults ^^^^ 460 controls ^ty.^ status 
Determine hub type from ID PROM LED's symbolized by block 560. These LED's are con- 
Select hub mode of operation (bypass or bridge) 10 trolled through an enable LED register 562 and a disable 
Do preliminary configuration of RICs LED register 564. These registers may be addressed by 
If any network interface tests fail: writing their addresses on the CPU address bus 506. This 
stop address is decoded by a address decoder gate array 566 
Initialize the I/O buffers and the bridging database whidl generates appropriate chip select signals to enable the 
Do final huh/RIC configuration 15 a PP">P™te chi P s which are to have a transaction with the 
Initialize the network interfaces (hardware) status LED's have a color which indicates the status 
Activate bridging of each porL if a port is functioning correctly, its corre- 
Initialize hub management agent spending status LED will be green. The corresponding status 
Start console command processor 20 LED will be red if any of three error conditions exist for the 
The central processing unit 460 initializes the repeater/ port. These three error conditions are: improper polarity, the 
controllers using tristate buffers 500 and 502. These buffers port is partitioned, or there is no link pulse, 
are coupled to the data, address and control buses, 504, 506 The status register 580 and the LED and command circuit 
and 508, respectively, of the CPU 460, and essentially serve 582 are used by the central processing unit to signal certain 
multiplexer functions in multiplexing data, address and 25 conditions relating to the status of the combined hub/bridge, 
control information from buses 504, 506 and 508 onto 8-bit Topically there are eight LED' s in circuit 582, four of which 
shared RIC buses 510 and 512 of repeatet/controllcrs 440 are used to signal hub status and four of which are used to 
and 442. signal network status. The CPU controls these LED's by 
The repeater/controllers 440 and 442, in the preferred writing data into registers in the circuit 582. The four bub 
embodiment, are National Semiconductor 83950 Ethernet 30 status LED's are used to indicate whether power is on, 
RICs, and arc intelligent in the sense that they can sense whether a fault has occurred, whether the hub is in bridge or 
certain things about the data packets being received and bypass mode, and whether the physical media is connected, 
transmit data regarding network traffic to the microprocessor The four network status LED's are used to indicate when 
460. This feedback data from the RICs is transmitted to the data is being received from local area networks 1 and 2 and 
microprocessor through the LAN 1 controller 452. 35 when data is being transmitted on networks 1 and 2. 

In the preferred embodiment, a microprocessor 460 is Normally, the local area network controllers 452 and 472 
used to implement the bridge function, do initialization and control these network status LED's during fault free opera- 
carry out management functions. This CPU is any one of the tion. However, when a fault occurs, the microprocessor 460 
Motorola 680X0 series. takes over control of these LED's and writes data to the 
The repeater/controllers also drive twenty-four CRS light 40 circuit 582 to cause the LED's to light in a pattern which 
emitting diodes symbolized by block 514. These diodes indicates the type of fault which occurred, 
flicker to indicate when there is traffic on their respective The DIP switches 584 are used to troubleshoot the hub/ 
parts. There is one CRS diode for every port, and each bridge system, to select between ApplcTalk Phase 1 or Phase 
individual diode is driven through addressing and multiplex- 2 and to flush the NVRAM. 

ingLED logic units 516 and 518. These logic units allow the 45 Static RAM 586 is used to store parameters for the 

eight-bit buses 510 and 512 to be shared such that the network. 

repeater/controllers can use buses 510 and 512 to drive the LAN 1 utilization register 588 and LAN 2 utilization 

LED's 514, while the CPU can use these buses to initialize register 590 are used to store counts which indicate the 

the repeater/controllers and to send management commands volume of traffic flow on local area networks 1 and 2, 

to them to turn on and turn off ports, etc. 50 respectively. 

The logic units 516 and 518 are also used to address and Since the dynamic random access memory 478 is shared 
store data from the RICs in a polarity status register 520. It between the local area network controllers 452 and 472 via 
is possible to connect the physical media to the LAN 1 the DMA circuit 480, and the microprocessor 460, the data, 
interface ports with reversed polarity. If this happens, that address and control buses of memory 478 must be multi- 
port will not work, and this information is of interest to the 55 plexed to implement this sharing. Likewise, the micropro- 
network manager. Therefore, the logic circuits 516 and 518 cesser must be able to write data to the local area network 
are also used to convey polarity status information from the controllers at the outset to inform these controllers of the 
repeater/controllers 440 and 442 to the polarity status reg- locations of the transmit and receive FIFO buffers which are 
ister 520. The polarity status information is read by the established in memory 478. The microprocessor also stores 
microprocessor and conveyed to the network manager. 60 the bridge forwarding tables in DRAM 478. 

Nonvolatile random access memory 540 is used to store The data bus 504 of the microprocessor is coupled to the 

the configuration and status database information as sym- data bus 602 of the DRAM and die data bus of the local area 

bolized by block 294 in FIG. 4. network controllers by a tristate buffer 604. Data bus 602 is 

A serial communications controller 542 and interface coupled to a shared data/address bus 606 of the DMA device 

logic 544 are used to couple the hub/bridge circuit to an 65 480 by a tristate buffer 608. The buffers 604 and 608 have 

out-of-band management control device such as terminal their tristate status controlled by a bus grant programmable 

302 or modem 300 in FIG. 4. This allows management array logic 610. Three arbitration PALs 610, 612 and 614 are 
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used to arbitrate requests for access to the data, address and diagrams and PAL equations of the best mode of carrying 

control buses such that the DRAM 478 may be shared out the teachings of the invention are included herewith as 

between the DMA controller 480 and the CPU 460. For Appendix B and Appendix C 

simplicity, the connections between these PALs and the Referring to FIG. 7, there is shown a block diagram of one 

buffers and multiplexers they control are generally not 5 embodiment of a different type of packet switching network 

shown. hub apparatus than the combined hub/bridge described 

The address bus of the DRAM 478 is multiplexed by an above. The apparatus is comprised of a high-speed, shared, 

address multiplexer 616 which has as its two inputs the mutiport memory system 800 which has two ports in this 

DMA address bus 618 and the CPU address bus 620. Tristate particular embodiment One of the ports is coupled by an E 

buffer 622, coupling the microprocessor address bus 506 to to bus 802 and an E bus driver circuit 799 to a plurality of 

the address bus segment 620, is controlled by arbitration conventional LAN controller chips, of which LCC #1 is 

PAL 612 to isolate the CPU address bus 506 from the typical. The LAN Controller Chips (hereafter sometimes 

address bus segment 620 when the DMA address bus is referred to as LCC's) are available commercially from 

active. Selection of the address input to apply to the DRAM various suppliers like National Semiconductor of Santa 

address bus 630 is controlled by a programmable array logic is Clara, Calif., and are sometimes also referred to as "Sonic" 

632. chips. Each LAN Controller Chip is coupled to its own 

Control signals from the DMA device on bus 634 and Ethernet media segment via a Media Access Unit (hereafter 

control signals from the CPU on bus 636 are coupled to the MAU). Each Ethernet segment, such as segment 805 

two selectable inputs of a control mmtiplexer/PAL 640. The coupled to MAU 807 and LCC 809, typically has a 10 

MUX/PAL 640 also receives three control inputs from the 20 Megabit/sec data carrying capacity which is defined by the 

control PAL 614, one of which controls selection of the Ethernet standard. 

particular control bus input to couple to the output bus 644. The E bus 802 is also coupled to an Ethernet processor 
A portion of the signals on bus 644 are applied as input 804. The Ethernet processor 804 configures the LAN con- 
signals to the PAL 632 to control its state and two output troll or chips and creates in the high speed memory a separate 
signals from the address multiplexer 616 are also applied as 25 transmit and receive buffer for each LAN controller and a 
inputs to this PAL 632, PAL 632 generates the row address separate area of memory for storing receive and transmit 
strobe/column address strobe signal on line 648 to control status data for each LAN controller, each separate area of 
whether the address on bus 630 to the DRAM is used to memory storing status data being hereafter called a descrip- 
address a row or column. The PAL 632 also receives a tor. La the particular class of embodiments symbolized by 
refresh signal on line 650 from a timing circuit (not shown) 30 FIG. 7, the Ethernet processor 804 then assigns each LAN 
which causes the PAL 632 to refresh the DRAM 478 at a controller chip to a specific transmit buffer and a specific 
64-ltilohertz rate. The PAL 632 also generates a handshake receive buffer in the high speed memory system 800, and 
signal on line 652 to inform the control PAL 614 that a these assignments are fixed and do not vary over time. In 
refresh cycle is under way and to not attempt to grant bus alternative embodiments to be described below, the Ethernet 
access to either the DMA control bus 634 or the CPU control 35 processor 804 allocates at least one receive buffer and one 
bus 636 via buffer 637. transmit buffer far each LCC, but the particular receive 

Finally, a tri-state buffer 660 is used to multiplex the buffer in which is stored any particular packet being handled 

data/high address bus 606 from the DMA device 480 such depends upon which buffers are free at the time the packet 

that when the DMA is granted access to the address bus of arrived. In other words a table of free receive buffers is kept 

the DRAM, bus segment 606 is coupled to the low address 40 and consulted when a packet arrives to find an open receive 

bus segment 607 to form a 24-bit DMA address bus 618. buffer in which to stare the packet In the preferred 

The control MUX/PAL 640 also generates a read/write embodiment, each receive buffer is the same size, but in 

control signal to the DRAM on line 680 to control whether other embodiments, only enough memory is allocated for 

the DRAM is reading or writing. The MUX/PAL 640 also each packet as that particular packet needs for greater 

generates a read/write control signal to the LAN controllers 45 memory utilization efficiency at the expense of some pro- 

452 and 472 to allow these controllers to be either written or cessing power devoted to determining how much memory to 

read by the microprocessor 46#. allocate to each packet Equal size buffers for all receive 

The bus grant PAL 610, the arbitration PAL 612 and the buffers increases data throughput by rfhninaring the need for 

control PAL 614 control the states of the PAL 632 and the processing to determine how much of the memory system to 

buffers 604, 608, 660, 622, and 637 so as to time division so devote to each packet. 

multiplex or arbitrate the data, address and control buses The Ethernet processor 804, in the class of embodiments 

such that the DRAM 478 may be shared. The details of this represented by FIG. 7, creates the descriptors in the high 

bus arbitration or multiplexing are not critical to the speed memory 800 by assigning a unique range of addresses 

invention, and any other arbitration scheme known in the in the high speed memory 800 for the descriptor for Lan 

prior art may also be used and still be within the scope of the 55 Controller Chip LCC #1 and another unique range of 

teachings of the invention. Further, in alternative addresses for the descriptor for Lan Controller Chip LCC #2. 

embodiments, separate DRAM memories may be used for These descriptors are then organized as a linked list by the 

the local area network controllers, and the bridging process Ethernet processor by writing as the last field (or some other 

and for any other process which needs DRAM memory predefined field in the descriptor space) a pointer to the start 

assigned to it such that bus arbitration can be simplified. 60 of the next descriptor. The pointer is the address in high 

The program executed by the microprocessor 460, written speed memory where the descriptor for the next LAN 

in C source code and assembly language on an Apple MPW controller starts. 

3.0 development system, is attached hereto as Appendix A The Ethernet processor 804 (hen assigns each particular 
The microprocessor 460 is a Motorola 68000 in the pre- LAN Controller Chip to a unique descriptor dedicated to 
fared embodiment, but other microprocessors in the 68000 65 supporting only that Lan Controller Chip (hereafter some- 
series should also execute mis code properly when compiled times referred to as an LCC). The Ethernet processor 804 
for their particular machine language. The actual schematic then assigns each LCC to unique transmit and receive 
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buffers dedicated to supporting only that Lan Controller packet information in its receive buffer by performing a 
Chip. These two steps are done by informing each LAN DMA transaction and then does a DMA access to the 
Controller Chip of the range of addresses that comprise the descriptor ring and sets a status bit indicating that the LAN 
descriptor for that LCC and the range of addresses compris- controller is receiving a packet However, m ec ha nisms other 
ing the receive buffer into which received data packets from 5 than DMA may also be used in other embodiments such as 
that LCC are to be deposited. The Etherhigh speed memory conventional read and write transactions involving the Em- 
each LCC of the address range in high speed memory 800 ernet processor 804 to write the data to the main memory 
where each LCC can find data packets to be transmitted on after the LCC generates an interrupt or upon the LCC being 
the Ethernet segment connected to its corresponding MAU. polled by the Ethernet processor 804. 
In FIG. 7, transmit buffer 812 and receive buffer 814 are 10 After a LAN controller chip has received a complete 
assigned to LCC 809, while transmit buffer 816 and receive packet, the LCC performs an error detection process on the 
buffer 818 are assigned to LCC 820. Bach of LCC 809 and packet In some embodiments, the LCC may also correct any 
LCC 820 has a descriptor entry somewhere on the linked list errors it finds within range of the ECC bits appended to the 
symbolized by descriptor ring 808. packet, and in other embodiments, the LCC may simply ask - 

In alternative embodiments, the LAN controllers can have 15 for retransmission, 
enough intelligence to coordinate with each other to assign Once the packet has been correctly received, the LCC 
their own descriptor memory spaces, and transmit and docs a DMA access to the descriptor buffer of record 
receive buffers thereby eliminating the need for a separate assigned to the LCC and sets a new status bit or changes the 
Ethernet processor 804. In another alternative embodiment, status bit previously accessed so as to indicate that a 
(he LAN Controller Chips can have sufficient on-board 20 complete, correct packet has been received and is stored in 
memory to store incoming packets and status data and to the receive buffer of the LAN controller. In the preferred 
temporarily buffer outgoing packets before they are trans- embodiment, the descriptor buffer for the LAN controller 
mitted The central high speed memory class of embodi- that received the packet will also be updated with a pointer 
ments symbolized by FIG. 7 is preferred however because to the address in the appropriate receive buffer where the 
LAN controllers with on-board memory would have to have 25 data of the received packet starts, 
enough memory to store a plurality of data packets in cases The Ethernet processor 804 also functions to determine 
where the main microprocessor processing (to be described when complete and correct data packets have been received 
below in more detail) is too slow to take all packets as they and then refers these data packets to the main microproces- 
are received. This could require too much memory and make sor 806 for further processing. To perform this function, the 
the LCCs too expensive. 30 Ethernet processor continuously poEs the "descriptor ring" 

Returning to the consideration of the class of embodi- 808 to determine which LCCs have stored received packets 
ments symbolized by FIG. 7, the individual transmit and that are ready for routing or other processing such as passing 
receive buffers assigned to the LAN controller chips are the packet to a management function. To do this, the 
located in an address space which is shared with a main Ethernet processor 804 reads the status bit or bits of each 
microprocessor 806 which serves to do bridging and routing 35 descriptor buffer in the descriptor ring linked list 808. When 
functions as will be described in more detail below. status . data is detected in a particular descriptor buffer 

Because each LAN Controller Chip has its own MAU, indicating that a complete and correct data packet has been 
each of the LAN Controller Chips can be coupled to any received and is waiting in the receive buffer of a particular 
type of Ethernet media. For example, LCC #1 may be LAN controller associated with the descriptor in which the 
connected through a lOBaseT type MAU to a twisted pair 40 data was found. When the Ethernet processor determines 
media segment 80S, while LCC#2 may be connected from polling the descriptor rings that a particular LAN 
through a 10Base2 type MAU #2 to a coaxial cable type controller has successfully received a packet, the Ethernet 
media segment 820. Another LCC may be connected to a processor writes a pointer to the received packet into queue 
fiber optic backbone link etc. Each media segment such as 810 of high speed memory 800. The queue 810 serves as a 
segment 805 may be connected to a computer or other 45 sort of FIFO stack of pointers used to prioritize the routing, 
peripheral or it may be connected to a network input port of bridging and other processing functions of the main micro- 
a hub or another switching apparatus such as the genus of processor 806. In the preferred embodiment, the Ethernet 
apparati symbolized by FIG. 7. In the preferred processor 804 retrieves the pointer to be stored in queue 810 
embodiment, there are 12 LCCs, 12 MAU's and 12 media from the descriptor buffer itself. In other embodiments, the 
segments. Thus, as many as 12 LAN's could be connected 50 Ethernet processor 804 learns of the presence of a packet in 
together by the packet switching machine shown in FIG. 7. a receive buffer from data in the descriptor and then reads an 

Each LAN controller chip may be coupled to a computer on-board memory or register in the corresponding LCC to 
or other peripheral via a particular LAN segment, or may be retrieve a pointer to the packet This pointer is then stored in 
connected to another packet switching device or hub such the processing queue 810 for the main microprocessor. The 
mat networks of very large size may be built as well as 55 processing queue must be in a shared address space of both 
networks of smaller size. the Ethernet processor 804 and the main nucroprocessor 

After me buffers for LCC #1 are assigned to it, the 806. 
Ethernet processor 804 turns on LCC #1 and it begins to The processing queue 810 is essentially a table in high 
listen for incoming data packets on media #L The same speed memory 800. This table serves the function of pro- 
scenario applies to each LAN controller. 60 viding an expandable buffer far pointers to received packets 

When a packet starts arriving, the LAN controller chip in case the rate at which packets arc being received by the 
connected to the network segment on which the packet is LCCs exceeds the rate at which these packets are being 
arriving asynchronously starts depositing data from the processed by the main rrucroproccssor 806. The main micro- 
packet into the receive buffer assigned to that LAN control- processor starts processing received packets using the 
ler. The LAN controller also accesses descriptor file 65 pointer at the top of the table and continues to process 
assigned to it and writes status data thereto indicating that a packets having pointers stored in other locations in the table 
packet is arriving. Topically, the LAN controller deposits the by sequentially retrieving the pointers stored in lower slots 
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of the table until die bottom of the table is readied. The main 
microprocessor keeps track of its position in the table using 
a pointer which is moved to the next table location when a 
packet has been processed by the main microprocessor. 
When the bottom of the table is reached, the pointer is reset 
to the top of the table. Likewise, a pointer is used by the 
Ethernet processor 804 in rilling the table, and when the 
bottom of the table is reached, the pointer is reset to the top 
of the table to start filling the table again from the top. 

The Ethernet processor cannot reset its pointer to the top 
of the table until it is sure that the main microprocessor 806 
has processed the packet pointed to by the pointer in the top 
of the table which is about to be overwritten. This can be 
done in several ways. For example, a bit reserved for 
"processesed/aot processed status" in every table entry may 
be set by the main microprocessor 806 as a packet is 
processed. The bit would be set by the main microprocessor 
to a **processed M state whenever processing of the packet 
pointed to by the pointer in that table entry is complete. 
When this bit is found in the "processed" state, the Ethernet 
processor 804 would know that that table location is avail- 
able for use in storing a pointer to a new packet awaiting 
processing. Id another embodiment, the Ethernet processor 
804 would simply compare its pointer position to the current 
pointer position for processing by the main microprocessor, 
and, if the main microprocessor's pointer was lower in the 
table than the pointer of the Ethernet processor, men the 
Ethernet processor is free to assume that all storage locations 
down to the position of the main microprocessor pointer are 
available for use in storing new pointers. In some 
embodiments, the queue 810 may be organized as a linked 
list In such an embodiment, the easiest way to prevent 
overwriting pointers for packets that have not been pro- 
cessed is through use of a 'processed/unprocessed" bit in 
each record in the linked list chain. 

The main microprocessor 806 uses the pointers in queue 
810 to access the received packets in whatever receive 
buffers they reside. The main microprocessor then looks at 
the addressing information in the packet header and decides 
what to do with the packet The main microprocessor is 
responsible for doing bridging, routing, network manage- 
ment and possibly other miscellaneous functions. Some of 
the possibilities with regarding to handling a particular data 
packet by the main microprocessor are to discard the packet, 
transfer the packet to a management process or pass a 
pointer to the packet to a management process or bridge the 
packet to its destination on another media segment other 
than the one on which the packet arrived 

In the preferred embodiment, where a packet has to be 
bridged or routed by the main microprocessor and transmit- 
ted out on another media segment other than the one on 
which the packet arrived, the main microprocessor writes a 
pointer to the packet into the transmit buffer assigned to the 
LCC coupled to the media segment upon which the packet 
must be transmitted. In the preferred embodiment, the 
LCC's have sufficient intelligence to continually poll their 
transmit buffers. Any pointers in a transmit buffer will 
indicate the address in the receive buffer where the packet 
associated with that pointer can be found. When a pointer to 
a packet is found, the LCC uses the pointer to access the data 
packet from the receive buffer where the packet is stored and 
retrieves the packet The packet is then transmitted. In some 
alternative embodiments, the main microprocessor may gen- 
erate an interrupt signal or otherwise send a message to the 
LCC coupled to the media segment upon which a packet is 
to be transmitted when a pointer to the packet has been 
placed in the transmit buffer of that LCC. If a packet has not 
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yet been transmitted, for example by LCC 809, and another 
packet arrives in the same or a different receive buffer which 
must also be re-transmitted on the media segment 805, the 
main microprocessor 806 places a pointer to that packet in 

5 the transmit buffer 812 in the next position that is unoccu- 
pied by other pointers therein. 

To perform the routing, bridging and switching functions, 
the main microprocessor uses an 8000 entry routing, bridg- 
ing and switching table stored in dynamic random access 

10 memory 822. The main microprocessor manages this table 
to implement a learning function similar to the bridge 
learning process described above for the network hub with 
integrated bridge. 
The advantages of the packet switching structure shown 

is in FIG. 7 over the network hub with integrated bridge are 
that many more local area networks may be connected 
together and the packet switchmg/bridging/routing functions 
are much faster. In fact, the switchingfaridging and routing 
functions are performed at * 'media rate". For example, media 

20 segments such as segments 805 and 820, can each be 
receiving data at a rate of 10 megabits per second, the 
maximum allowable Ethernet rate of data transmission. If all 
12 media segments are receiving data at that rate, the 
problem is to bridge, route and otherwise process all those 

25 packets without losing a packet The class of embodiments 
symbolized by FIG. 7 can do this with the aid of the special 
memory structure shown. To handle the traffic volume 
mentioned above, extremely fast static random access 
memory having at least two and optionally 3 or 4 ports is 

30 used for high speed memory 800. To further speed up 
operations, data packets are not actually moved from the 
receive buffers to the transmit buffers to save the multiple 
memory cycles that would be required to do this. The only 
data that moves around the high speed memory arc pointers 

35 to the data packets. In other embodiments where such high . 
speed * "media rate" operation is not required, the data 
packets themselves can be moved. 

In the preferred embodiment, the high speed memory is 
designed to have three ports one of which is a high speed 

40 backbone interface. In a broader genus of the invention, (his 
third high speed backbone port is omitted. In this genus, only 
two ports for the high speed memory 800 arc needed. These 
two ports are coupled to the E bus 802 and the M bus 824. 
Like the E bus 802, the M bus 824 is coupled to the port of 

45 the high speed memory 800 through an M bus driver circuit 
The third port to the high speed backbone, 828, is shown in 
dashed lines because it is optional This port is actually an 
interface circuit to a very high speed backbone media 826 
such as AIM, FDDI or Fast Ethernet The ATM/FDDI/Fast 

50 Ethernet port 828 includes a microprocessor 830 that 
executes code stored in dynamic random access memory 
832. The microprocessor 830 serves to convert the protocol 
used on the FDDI, ATM or Fast Ethernet media 826 to the 
protocol used on the regular Ethernet media such as media 

55 805 and vice versa. The microprocessor 830 also stores any 
management packets arriving from the FDDI ring or other 
backbone media segment 826 in memory 832. 

The fourth optional memory port is represented in dashed 
lines by expansion port 834. This interface circuit includes 

60 a microprocessor 836 which onloads part of the work of 
main microprocessor 806 is performing routing and man- 
agement packet interpretation and execution of requested 
management functions. 

Part of the high speed memory system is an arbitration 

65 circuit 838 mat manages contention for the address and data 
ports of the memory chips that comprise the memory banks 
of the high speed memory system 800. The details of the 
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arbitration circuit are not critical to the invention and can be buses and buffer copy operations. Typically, these prior art 

conventional, but in the preferred embodiment, the arbitra- packet switching machines use a single high speed bus to 

tion circuit is implemented with a field programmable gate which are coupled a plurality of adapter circuits that couple 

array. This FPGA has as outputs all the data, address and the bus to each of a plurality of media such as Ethernet 

control lines of the static RAM chips in the memory system 5 lOBaseT etc. When a packet is received on a first media, the 

SIMM, and has as inputs all the lines of whatever number of packet is copied into a buffer memory on the adapter circuit 

ports are implemented in the memory system. The Boolean coupling that media to the high speed bus. If the packet is 

equations that define the logical relationships between the addressed to a location on another media, the entire packet 

inputs and outputs is appended hereto as Appendix A. needs to be copied into the buffer of the adapter circuit 

The fundamental issue handled by the arbitration circuitry 10 coupled to the media on which the destination address 

is handling conflicting memory access requests from the resides (hereafter the target buffer). The packet is then 

main microprocessor, the LCC chips and the Ethernet pro- copied out of the target buffer by the circuitry that drives the 

cesser. In embodiments where there are also third and/or packet data onto the media to which the machine having the 

fourth ports, the arbitration circuitry also handles conten- packer's destination address is coupled. This buffer copy 

tions for access to high speed memory from these interfaces 15 operation is done using the high speed bus, but the very act 

as well. Collisions of access request can be resolved by of having to copy the entire packet from one buffer to 

•conventional reservation schemes, contention resolution another and having to do that with all the packets that need 

schemes, polling schemes, fixed time slots of fixed "pecking to be bridged from one media segment to another substan- 

order" type schemes such as where a microprocessor having tially slows down the operation of these prior art packet 

second position on a pecking order is granted access until a 20 switching machines. 

higher pecking order microprocessor requests access at Another way in which switching speed is increased in the 

which time the lower pecking order microprocessor must machines of the genus represented by FIG. 7 is through use 

immediately relinquish control of the high speed memories of a "cut through" mode. The above described mode of 

address and data buses. The preferred methodology is the operation of receiving an entire packet, error checking it and 

contention resolution scheme whereby one microprocessor 25 then notifying the main microprocessor of the existence and 

desiring access is granted access for as long as the micro- location of the packet so the main microprocessor can start 

processor needs access until another microprocessor examining the packet and take appropriate action will be 

requests simultaneous access at which time the conflict is hereafter referred to as the "store and forward" mode. The 

resolved by any contention resolution scheme such as fixed "cut through" mode is faster than the "store and forward" 

priorities etc. 30 mode for the following reasons. In cut through mode, 

The amount of memory needed for high speed memory instead of waiting for the entire packet to be received and 

system 800 to only do Ethernet switching to bridge packets placed in the receive buffer before notifying the main 

between the various media such as media 805 and media 820 microprocessor, the main microprocessor is notified of the 

with no backbone port 828 is one megabyte of 20 nanosec- existence of the packet after only the header is received. In 

ond access time SRAM. In this situation, maximum traffic 35 other words, when a packet starts arriving on any particular 

volume situation is 6 Ethernet ports carrying inbound traffic media, the bytes of the packet header are sequentially stored 

and 6 Ethernet ports carrying outbound traffic. Such a in the receive buffer assigned to the media upon which the 

situation would involve a maximum of 90,000 packets per packet is arriving. After the complete header has been 

second. To do this Ethcrnet-to-Ethemet switching coupled received, the Ethernet microprocessor notifies the main 

with FDDI switching requires that memory system 800 have 40 microprocessor of the existence and receive buffer location 

two megabytes of of 20 nanosecond access time SRAM of the header of packet currently being received and requests 

because approximately 150,000 packets per second need to that the main microprocessor start processing the packet 

be processed to achieve adequate performance levels. To do The main microprocessor then accesses the header and 

ATM switching requires that memory system 800 have four makes a determination of what kind of a packet it is, i.e., 

megabytes of 20 nanosecond access time SRAM. The 45 whether it needs to be routed to die management process or 

required switching speed is achieved by having the memory is a data packet, and whether the packet needs to be routed 

system 800 be so much faster than the microprocessors such or bridged, If the packet needs to be bridged or routed to 

as Ethernet microprocessor 804 and main microprocessor another media, the main microprocessor men notifies the 

806 that it looks to the microprocessor like it has a piece of LCC or adapter circuit coupled to the media to which is 

the high speed memory system 806 all to itself. so coupled the machine having an address corresponding to the 

Typically, the receive buffer for each Ethernet media such destination address of the packet That LCC or adapter 

as media 805 has SO address locations, each of which can circuit then begins sequentially emptying out the bytes of the 

store one Ethernet packet of approximately 1,500 bytes packet from the receive buffer in which it is stored using a 

length. If 12 Ethernet ports are all filling their buffers, pointer to the start of the packet received from the main 

practically all of one megabyte is filled. FDDI packets are. 55 microprocessor. During all this processing the bytes of the 

longer however, being on the order of 4,500 bytes each. incoming packet are being constantly received and stored in 

Therefore the addition of the FDDI adapter circuit 828 the receive buffer even as bytes earlier received are being 

requires additional memory to support the longer length emptied out of the same receive buffer by the LCC or 

packets and higher traffic volume. ATM packets are only 53 adaptor circuit coupled to the media coupled to the desti- 

bytes long, but these packets get concatenated. Also, ATM 60 nation machine. 

backbones require additional memory to support emulation After the mcorning packet has been completely received, 

mode where all the ATM network is made to look like an the LCC that deposited the bytes of the packet into the 

Ethernet to machines wishing to communicate over the ATM receive buffer checks the complete packet for errors such as 

network. a framecheck error. If there were errors, the packet that 

The genus of packet switching machines represented by 65 contained the errors will be discarded, and the system falls 

FIG. 7 is substantially faster and therefore better than other back to the "store and forward" mode. The reason that the 

prior art packet switching technologies using high speed system falls back to the "store and forward" mode is because 
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there is probably some source of noise that the network is 
picking up that corrupted the packet just received and this 
source of noise is likely to have corrupted more than one 
packet Therefore, since the portion of the corrupted packet 
just received which has been transmitted on the destination 
machine's media cannot be retrieved, to avoid further erro- 
neous packets from being propagated onto other media, the 
system falls back to the "store and forward" mode. In this 
mode, the main microprocessor is not notified that a received 
packet exists and needs to be processed until the entire 
packet has been received and has been checked for errors 
and found to be error-free. 

If no errors were found at the end of the packet reception 
in the "cut through" mode, the system continues in the cut 
through mode for all received packets to achieve maximum 
throughput. Generally, it has been found that Ethernet net- 
works are so reliable that the cut through mode can be used 
most of the time with error-free operation. 

In alternative embodiments where speed is not so critical, 
the main microprocessor may move the packet out of the 
receive buffer for the LCC of the media segment upon which 
the packet arrived and moves it to the transmit buffer 
assigned to the LCC coupled to the media segment upon 
which the packet is to be transmitted. 

In the preferred embodiment, the LCC that ultimately 
transmits the packet will, upon successful completion of the . 
transmission, set a bit in its descriptor indicating mat the 
packet has been successfully transmitted. Then, either the 
Ethernet processor or the main microprocessor 806 will 
access the packet that has been transmitted and erase it from 
the receive buffer* The packet may not be literally erased in 
some embodiments. The addresses which the packet occu- 
pied may simply be indicated as available in a table kept in 
high speed memory 800 or on-board one of the micropro- 
cessors 804 or 806. This memory management process to 
keep track of available memory may be done by the main 
microprocessor 806 or the Ethernet processor 804, or, in 
some embodiments, by the LCC chips themselves. 

A key aspect of the invention is design of a high speed 
memory system which has sufficient bandwidth, i.e., low 
enough access times and enough throughput so as to be able 
to accept up to 10 megabits/second traffic volume on each 
network media coupled through a MAU and LCC to the E 
bus so as to be able to receive at least 120 megabits/second 
on the aggregate over the E bus and route mis traffic to the 
high speed backbone port at media rate while having enough 
memory bandwidth left over to allow the two or more 
microprocessors in the system to still be able to have access 
to the high speed memory for purposes of executing their 
programs without constriction. Media rate for both FDDI 
and Fast Ethernet are 100 megabits/second, and media rate 
for planned ATM systems is 155 megabits/sec. In the pre- 
ferred embodiment, the bandwidth of the high speed 
memory is 1.2 gigabits/second. This aspect of the teachings 
of the invention is. accomplished by making high speed 
memory a shared static RAM array which has multiple parts 
and bus arbitration for access from the multiple ports to the 
shared address, data and control lines of the memory chips 
themselves. 

Referring to FIG. 8, there is shown a more detailed block 
diagram representing a species of machines built in accor- 
dance with and operating in accordance with the genus of the 
invention. The LCCs of FIG. 7 such as block 809 corre- 
spond to Sonic chips marked Sonic 1 through Sonic 12. The 
MAU chips of FIG. 7 such as block 807 are represented by 
blocks MAU 1 through MAU 12. The Ethernet media such 
as media 805 are represented by the lines marked Port 1 
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through Port 12. The Ethernet processor 804 is implemented 
by a Motorola MC68HC040 microprocessor and the main 
processor 806 is also implemented by a Motorola 
MC68EC040 microprocessor. In an alternative embodiment, 

5 the functions of the main processor 806 and the Ethernet 
processor 804 could be combined and performed by a single 
more powerful processor such as the PowerPC RISC 
microprocessor, a Pentium microprocessor etc. It is pre- 
ferred to use two microprocessors however so that load 

10 sharing can be accomplished to increase data throughput and 
performance of the system. The main microprocessor 806 
stores data comprising its bridging and routing tables in 
dynamic random access memory 822 or in SRAM 800. 
Factory configuration and manufacture data is stored in 

15 EEPROM 801. This data is not accessible to the user and 
consists of serial number, board revision level, software 
version number, date of manufacture, configuration data. 
Nonvolatile RAM memory 803 stores user r^ogrammable 
configuration data such as at what baud rate the ports work, 

20 what addresses have been assigned and other things that are 
user configurable. Flash ROM 805 stores the programs for 
the main processor 806 and the Ethernet processor 804 that 
are listed in Appendix E, Parts I and IX Timers and front 
panel display circuits 807 are used in support of the user 

25 interface and management functions. Reset and watchdog 
timer circuit 809 resets the microprocessors when a system 
crash occurs so that the microprocessors clear themselves 
and start again at the top of their program loops. The SCC 
circuit is a serial communications controller for bidirection- 

30 ally communicating data between the packet switching 
machine and the console. The circuitry of FIG. 8 is pro- 
grammed to operate in the fashion described in FIGS. 9, 10A 
and 10B and 11. 
Referring to FIG. 9, there is shown a conceptual diagram 

35 of the process carried out according to the teachings of the 
invention. Hie diagram of FIG. 9 assumes that the process 
is being carried out by an Ethernet processor and a main 
processor, although, it could be also carried out by a single 
processor doing the functions described for both the Ether- 

40 net processor and the main processor. FIG. 10, comprised of 
FIGS. 10A and 10B, is a flow chart of the general sequence 
of events in the handling of a packet in the stare and forward 
mode. The reader should refer to FIGS. 9 and 10 jointly for 
purposes of the following discussion. References to a main 

45 processor and an Ethernet processor should be read as 
references to a single processor where single processor 
structures are- being used to carry out the process of FIG. 10. 
The operating system kernel, block 841 is executed by the 
main processor 806 (not shown). A function of the kernel is 

so to implement a round robin, time slot based sharing of 
processor power among three tasks. Those three tasks are 
represented by block 843 far the Packet Switching Task, 
block 845 for the SNMP or Simple Network Management 
Protocol agent and block 847 for the Console Process. The 

55 operating system kernel, the Packet Switching Task, the 
SNMP agent and the Console Process are all programs or 
suites of programs which control operations of the main 
microprocessor during their respective time slots or in any 
other manner such as polled (kernel polls tasks and awards 

60 control of buses and main microprocessor assets when a task 
says it has business to transact), on demand (kernel awards 
control of buses and main microprocessor assets when 
receives request from task) etc. Each of these three processes 
gets awarded a 100 millisecond time slot by the kernel to 

65 perform its task and can perform its task to completion or 
until the end of 100 milliseconds, whichever occurs first 
The kernel 841 may also provide functions mat may be 
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invoked by each of the three tasks to assist them in per- In the specific example diagrammed in FIG. 9, it is 

forming their tasks such as "read shared memory' 1 or "write assumed that the packet is to be retransmitted to some 

shared memory" etc. machine coupled to media/port 1, so the pointer to the packet 

In alternative embodiments, each task could be running is placed in the transmit buffer 870 for port 1. This in effect 

simultaneously on its own microprocessor or each task could s triggers the appropriate LCC to begin transmitting the 

set a flag or generate an interrupt when it needs attention packet since the LCC's regularly poll their transmit buffers, 

from the main processor so that processing by the main as symbolized by block 859. The transmit buffer is a queue 

processor is allocated to tasks only when they ask for it that is assigned to the LCC during the initialization process 

Obviously, the three tasks 843, 845 and 847 could also be by the Ethernet processor. The LCC knows exactly where to 

implemented fully in hardware for even higher operating 10 look in the shared memory when it polls its transmit buffer 

speeds or partially in hardware and partially in software. as the addresses included within the transmit buffer assigned 

Block 849 in FIG. 10A represents the award of a 100 to any particular LCC do not change. Block 857 also 
millisecond timeslot to the Packet Switching Task by the represents the process carried out by the main microproces- 
main processor in the preferred embodiment For purposes sor in carrying out the process of assisting in freeing the 
of FIG. 10 and illustration of the flow of processing, it will 15 memory locations in the receive buffers for re-use in storing 
be assumed that each of the three tasks 843, 845 and 847 will new incoming packets, lb cany out this process, the main 
have, some processing needs during their respective time microprocessor, after processing a received packet by trans- 
slots, and these processing needs will be handled sequen- f erring it to the SNMP agent by placing a pointer to it in the 
tially. management queue 865 or placing a pointer to the packet in 

During the time allocated to the packet switching task 20 some transmit buffer, also places a pointer to the packet in 

843, the Packet Switching Task polls queue 810 in shared a free queue 896. The free queue is used to store pointers to 

memory to determine if any pointers to packets to be packets that have been scheduled for transmission by the 

processed are waiting therein, as symbolized by block 851 main microprocessor. Another function of the Ethernet pro- 

in FIG. 10A. If there is a pointer to a packet waiting in some cessor 804 is to poll the free queue 896 periodically and use 

receive buffer, the switching task accesses the appropriate 25 the pointers stored therein to free for re-use the memory 

receive buffer, indexes into the header information and space consumed in the receive buffer(s) by packets pointed 

examines the header data. This examination of the header to by pointers in the free queue. 

data tefls the Packet Switching Task whether the packet is to If a pointer is found in the transmit buffer, the LCC 
be discarded, transmitted out on another media (a media will transmits the packet using the pointer to retrieve the bytes of 
sometimes hereafter be referred to as a port) from the one the 30 the packet from the receive buffer of the LCC which 
packet arrived on, routed to the SNMP agent etc. This received it where the packet is stored, as symbolized by 
processing is represented by block 853 in FIG. 10A. The block 861. The data communication paths in FIG. 9 iraple- 
Packet Switching Task then takes the pointer off the queue menting this transaction are symbolized by paths 851A, 
810, as symbolized by block 855, and processes the packet 853A and 857A corresponding the steps having like root 
pointed to by mat pointer accordingly, as symbolized by 35 reference numbers in the flow chart of FIG. 1 OA- 
block 855. The packet may be a management packet mat Of course, some packets need to be broadcast or multi- 
needs to be directed to the SNMP agent Blocks 863 and cast. This is determined from the header addressing infor- 
f ollowing explain how this process works. Alternatively, the mation. If a packet is to be broadcast, a pointer to the packet 
packet being processed by die main microprocessor may be is placed in every transmit buffer, whereas if a packet is to 
a data packet that needs to be transmitted out a different port 40 be multicast, a pointer to is placed in all the transmit buffers 
to another machine. Block 857 in FIG. 10A represents a coupled to media or ports having machines coupled thereto 
bridging process to handle this type packet where a packet having destination addresses in the range given in the 
arrives from a first machine on one port or media and must multicast address. 

be retransmitted via another port or media to a different Assume for the next part of the discussion that a packet 

machine. To implement this process, and as symbolized by 45 has arrived that is a management packet, and is sitting in the 

block 857, the Packet Switching Process places a pointer to receive buffer of the LCC that received it Whenever the 

the packet in the appropriate transmit buffer assigned to the management packet has been completely received, the Eth- 

LCC coupled to the media or port upon which the packet is ernet processor 804 places a pointer to it in the queue 810. 

to be retransmitted, as represented by path 857 A in FIG. 9, Then, the next time the Packet Switching Task runs, the 

and updates the packer's reference count Updating the 50 main processor will see the pointer to the management 

reference count involves the main microprocessor writing a packet in the queue and examine the MAC layer address and 

reference count number into a reference count field in the realize that the packet is a management packet because the 

packet stored in the receive buffer. This reference count MAC layer address will indicate the SNMP agent 845 as the 

number is equal to the number of transmit buffers in which destination. The Packet Switching Task then places a pointer 

a pointer to the packet has been stored thereby indicating 55 to the management packet in a portion of a management 

how many ports on which the packet is to be transmitted. queue 865 in FIG, 9 devoted to pointers to management 

This reference count is used to aid in managing the memory packets. Then the pointer to the management packet is 

useage of the receive buffer for maximum utilization, espe- removed from queue 810. All this processing is symbolized 

dally in situation where some ports have heavy traffic or by block 863 in FIG. 10A and paths 85 1A, 853A and 863A 

bottlenecks and packets are piling up while other ports are 60 in FIG. 9. 

able to transmit their packets without delay as soon as Block 865 in HG. lOA, represents the process carried out 

pointers thereto are placed in their transmit buffers. Without by the main microprocessor in allocating a time slice to the 

the reference count and the Free Queue buffer, individual SNMP agent/process 845 in FIG. 9. The SNMP agent block 
dedicated blocks of memory would have to be allocated to 845 really represents an SNMP agent as well as a stack of 
each LCC for its transmit and receive buffer as in the 65 IP protocols that serve to decode the IP portion of the address 
embodiment of FIG. 7. This does not result in optimum of the packet and strip off the portions of the address that will 

utilization of memory locations of the shared memory 800. not be understood by the SNMP agent The remaining 
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portion of the packet, which will be referred to as the and receive buffers are In memory. This can be done by, for 

management portion of (he packet, is forwarded to the exainple,writmg length information and pointers to the start 

SNMP agent for execution. The SNMP agent 845 in FIG. 9 of the transmit and receive buffer for each LCC in the 

then executes whatever request is embodied in the manage- descriptor ring for that LCCL The LCCs then find out where 

ment packet Such requests could include enabling or shut- 5 their buffers are and the size thereof upon regular polling of 

ting down a port, reconfigure a port, gather traffic informa- their descriptor rings. Alternatively, the Ethernet processor 

tion etc. All management packets will come in through one can send messages directly the LCCs telling them the 

of the ports from an external source. All this processing locations and sizes of their respective buffers, 

regarding receiving the management packet and getting it to Block 891 represents the process carried out by the LCC's 

the SNMP agent is symbolized by block 867 in FIG. 10A. 10 in doing the following things: receiving packets and storing 

If the management packet requests information, the them in their respective receive buffers, transmitting packets 

SNMP agent gathers that information and assembles a reply pointed to by pointers In the transmit buffers of the LCCs, 

packet in an outgoing management packet reply buffer 866 updating the packet reception status bits in the receive 

in FIG. 9 as symbolized by block 869 in FIG. 10B and path portions of their descriptor rings when packet reception 

869A in FIG. 9. Block 869 in FIG. 10B also represents the 15 starts and when it is completed, and updating status bits in 

process of placing a pointer to the management reply packet the transmit portions of the descriptor rings each time a 

into the appropriate transmit buffer, as symbolized by path packet has been completely transmitted. These operations 

869B in FIG. 9. In this hypothetical, it is assumed that the are symbolized by paths 873, 875, 876 and 878 in FIG. 9. 

reply packet is to be sent to some machine coupled to Block 893 represents the process carried out by the 

port/media 2 since the pointer to the reply packet is placed 20 Ethernet processor 804 of monitoring the receive portions of 

by the SNMP agent into the #2 transmit buffer 868. After the the descriptor ring 808 for completion of successful packet 

pointer is placed in the transmit buffer for the appropriate reception and monitoring the transmit portions of the 

port, the LCC assigned to that port will find the pointer in its descriptor ring to determine when transmission of packets 

transmit buffer during polling thereof and begin tnuunitting by each LCC has been successfully completed. These opera- 

the packet 25 tions are symbolized by path 881 in FIG. 9. The descriptor 

The Btherenet processor 804 in FIG. 1 is assigned to • rings 808 are portions of shared memory 800 which are used 

allocate memory in the shared, multiport, high-speed by the LCC' s to store pointers to their receive and transmit 

memory 800 for the receive buffer 871 and to program the buffers, CRC error and collision information, and bits, the 

LCC's so that Ihey know where their respective portions of logical state of which indicate when packet reception is 

the receive buffer 871 are located. In the preferred embodi- 30 starting and when it is finished and when transmission of a 

ment shown in FIG. 9, only one block of memory is packet pointed to by a pointer in the transmit buffer of that 

allocated for the receive buffer 871, and each LCC uses LCC has been completed. 

whatever portion of this block is indicated to be free by data When the Ethernet processor finds a status bit in a receive 

stored in a Free Queue 896 to be discussed further below. portion of the descriptor ring in a state indicating that packet 

The embodiment of FIG. 9 differs from the embodiment of 35 reception has been completed and the packet is correct, the 

FIG. 7 in that in FIG. 7 there is a dedicated block of memory Ethernet processor determines where the packet is in the 

for the receive buffer and the transmit buffer for each LCC receive buffer of the corresponding LCC and (hen writes a 

The paths in FIG. 9 representing storage of received packets pointer to the location of (hat packet in the receive buffer 871 

in the receive buffer 871 by LCC's #1 and 2 are paths 873 into the queue 810 of the main microprocessor, as symbol- 

aand 875. To store a received packet in the receive buffer 40 ized by block 895. This transaction is represented by path 

871, the LCC consults the Free Queue 896 to determine 892 in FIG. 9. This function of the Ethernet processor 

which portions of the receive buffer are free, and then stares essentially multiplexes the status bits of the 12 descriptor 

the packet therein. The paths in FIG. 9 representing con- rings into a single location (queue 810) that the main 

suiting the Free Buffer 896 for the location of free memory microprocessor polls so that the main microprocessor does 

space by the LCCs are 901 and 903. The paths representing 45 not have to poll 12 different descriptor rings itself. In 

polling of the transmit buffers are 877 and 879 in FIG. 9. alternative embodiments, the main microprocessor could 

Block 883 in FIG. 10B represents the process carried out poll all 12 descriptor locations on the descriptor linked list 
by the main microprocessor under control of the operating or ring itself and then locate the received packets in the 
system kernel of awarding a timeslot to the console process receive buffers of any LCC's that have set status bits in their 
847 in FIG. 9. Block 885 then represents the process carried so descriptor rings that indicate that a packet has been success- 
out by the Console Process driving the main microprocessor fully received In another embodiment, the descriptor ring 
to carry out any necessary or requested command and/or could be a table instead of a linked list 
control operation. Block 895 also represents the process that the Ethernet 

Referring to FIG. 11, there is shown a flow chart of the processor performs when monitoring of the transmit par- 
processing carried out by the Ethernet processor 804. Hie 55 dons of the descriptor ring indicates that a packet has been 
first task to be performed is represented by block 887. This successfully transmitted, the Ethernet processor must deter- 
block represents the process wherein the Ethernet processor mine whether the packet has been transmitted by all LCC's 
allocates an adequate block of memory to accomodate both scheduled by the main microprocessor to send the packet 
receive and transmit buffers for the number of LCC's before the Ethernet processor can mark that packet's storage 
present In some embodiments, the Ethernet processor deter- 60 locations as available to store new incoming packets, lb do 
mines the number of LCC's present and actually connected this, the Ethernet processor examines the reference count of 
to media before allocating memory for the buffers, and, in the packet This is done as follows. When the Ethernet 
other embodiments, the Ethernet processor assumes that the processor discovers through monitoring the transmit por- 
number of LCC's present and connected to media is tions of the descriptor ring that a packet transmission has 
constant, and allocates memory adequate for receive and 65. occurred, the Ethernet processor reads the pointer to the 
transmit buffers for all the LCC's, Next, in block 889, the packet in the transmit buffer of the LCC which indicated it 
Ethernet processor informs the LCC's where their transmit had transmitted the packet The Ethernet processor then 
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marks that location in the transmit buffer as available to store Generally speaking, the doable password security feature 

another pointer, and uses the pointer to access the packet A allows a user or network administrator to set and alter 

specific field at the beginning or end of the packet stores a configuration data using his or her password, but requires 

reference count This is a number stored there by the main that a second user correctly enter a second password in order 

microprocessor which indicates how many ports on which 5 f or the network administrator to alter his or her password, 

the packet is scheduled to be transmitted. When the Ethernet This prevents a network administrator who is being termi- 

processordeteniimesfrommeto nated from entering the system, shutting off the ports, 

has been successfully transmitted, the Ethernet processor changing user privileges or otherwise rendering the system 

^ ^I^f^ Md /^ m «*f {t h J 0DC - less useable or inoperative and then changing his or her 

Block897 s men performed by the Emer^et processor to 1Q ^ unbeknownst t0 otner employees so those other 

determine if the reference count has reached zero. If not, 1~ . _ M , . ^~^u, mm „<i„„*A 

processing returns to block 893 to continue monitoring the f^£ S 

kscriptorring. If so, processing proceeds to theprocSsof ^network administtat or is terminated. In some 

block 899 to mark the storage locations occupied by the embedments, the second employee cannot have access to 

bytes of the packet as available for storage of new packets. ^ privilege and configuration data through the second 

In carrying out this process, the Ethernet processor writes a 15 password gateway. 

pointer to the packet just transmitted into the Free Queue 10 the preferred embodiment of the dual password secu- 

896. As a result, the ftee Queue serves as a map of all rity arrangement as symbolized by FIG. 12, two secure 

available memory storage locations in receive buffer 871. passwords and a master password are used. Referring to 

This permits optimum utilization of the storage capacity of FIG. 12, a system administrator 910 can have access to some 

the block of memory reserved for the receive buffer over the 20 operational functionality 912 of the system he is adminis- 

embodiment symbolized by FIG. 7 since some receive taring by entering the correct Master Privilege Alteration 

buffers will empty faster than others because of bottlenecks Password (MPPW), as symbolized by line 914. The MPPW 

or high traffic volume on particular ports causing slower is entered through any user input device and is passed by an 

rates of transmission of packets out that port Typically that operating system (not shown) to a master privilege alteration 

will happen on ports coupled to servers or serving as 15 password gateway function 916. Typically this function will 

backbone connections to hubs coupled to other high volume ^ cameo- out by a software routine that controls a computer 

networks. t0 comparc mc MPPW entered against a stored MPPW. If 

In the embodiments of HG. 9, the receive buffer is there is a access is ted t0 the desired 

comprised of a plurality of fixed size blocks of memory toctlonali ty ( ^ symbolized by line 918. In the case of the 

which are each frgeenougij Mto s^ejaleast onej^t of ^ t Hub and Packet Switching machines described 

the maximum allowable length defined by the TCP/IP pro- . , 5 . . ,. . . . 

tocol. The pointers in the fi£c Queue therefore do not need ^l* C ^™^™** T °T^ 

to include length information and only need to point to the *f° mthe fivstem administrator yia paths 914 and 918 through 

starting address of one of the blocks of predetermined length S^ty to alter user privileges, turn ports on or off, or 

in the receive buffer. Because these fixed length blocks make otherwise set or modify the machine configuration, 

programming simpler and the program executes faster, mis & Alternatively, in other contexts, the block 912 can represent 

approach represents a tradeoff of memory inefficiency for the operational arena or main functionality of the system 

increased performance. Because some packets are smaller being controlled such as an operating system, financial 

than the maximum allowable length, more efficient use of reporting or accounting system, document or other file in 

the memory could be made if the pointers in the Free Queue any word processing, spreadsheet, database or other system 

included both a starting address to the free block as well as 40 to be operated, configured or controlled. If the MPPW 

the length of the block. In such an embodiment, there would gateway function 916 finds a mismatch between the MPPW 

be no blocks of predefined length, and each received packet password entered and the previously stored MPPW, access 

would consume as much of the receive buffer as it needed. to the functionality 912 is blocked, as symbolized by block 

In such an embodiment, all pointers to packets would 920. 

include both the starring address of the packet in the receive 45 If the system administrator wishes to change the MPPW, 

buffer as well as its length. This approach yields greater two secret password gateways need to be satisfied. The first 

memory efficiency at the expense of performance. step in this process requires that system administrator enter 

Of course, in another alternative embodiment, the rune- a command or select a menu option requesting to change the 

tions of FIGS. 10 and 11 could all be performed by a single MPPW. The computer programmed in accordance with the 

imCToprocessor. Arbitration of contention for the ports of the 50 teachings of the invention then responds by asking the 

shared high speed memory is accomplished in the subgenus system administrator to enter a first secret password. Entry 

of embodiments represented by FIGS. 8-11 in the same of this secret password #1 is symbolized by path 922. A first 

manner as it was accomplished in the subgenus of embodi- secret password gateway function 924 then compares the 

meats represented by FIG. 7. Specifically, a field program- secret password #1 entered by the system administrator to a 

mable gate array (not shown) like FPGA 838 in FIG. 7 can 55 stored secret password #1 to which the system admin strator 

be included as part of the high speed memory system and has no access. If the password entered by the system 

used to monitor for contention on the address, data and administrator does not match the stored secret password #1, 

control pins of the memory chips in the high speed memory access to the function 926 to change the MPPW password is 

and award control thereof to one of the nucroprocessors. blocked, as symbolized by block 928 and path 930. If the 

DUAL PASSWORD SECURITY FEATURE 60 password entered by the system administrator matches the 

The following feature is applicable not only to provision stored secret password #1, path 932 is taken to the second 

of security for the configuration and password data on the secret password gateway functionality 934. The second 

hub with integrated bridge and packet switching machines secret password gateway 934 is a routine which controls the 

disclosed here, but to any other password protected hard- computer to ask for a second secret password which the 

ware or software system as well. However, the discussion 65 system administrator 910 docs not know and to which he or 

herein will be limited to protection of the hub with integrated she has no access. To satisfy mis gateway, another user, 

bridge. which for this example will be called the supervisor 936 
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enters secret password #2, as symbolized by path 938. If this 
password matches a stored version of secret password #2, 
then access to the function 926 to change the MPPW 
password is granted, as symbolized by path 940. If the 
password received by the second gateway 934 is incorrect, 
access to the function 926 to change MPPW is blocked, as 
symbolized by path 942. Thus, the system administrator can 
change privileges, alter the configuration etc. as long as he 
knows the MPPW password, but he cannot alter the MPPW 
without permission from the supervisor or unless he knows 
both secret passwords #1 and #Z 

In alternative embodiments, secret password #2 gateway 
function 934 can impose a time limit on the rime to enter 
secret password #2 or can impose a maximum limit on the 
number of incorrect attempts before access is blocked from 
all further attempts for a prolonged period of time or until 
the system is reset 

In the genus of packet switching machines, the double 
password security system described above can be imple- 
mented as part of any command and control process. For 
example, the double password security system can be imple- 
mented as part of step 885 in FIG. 10B. likewise, the double 
password security system can be implemented as part of any 
management and control or console process in the genus of 
embodiments described herein having a hub with an integral 
bridge such as any of the Network slice" embodiments. For 25 
example, the double password security process could be 
implemented as part of the console command process 282 in 

fig. 4. 

In some embodiments of the double password security 
system, the computer which implements said system will 
have multiple terminals or will be a server computer in a 
network with multiple satellite computers coupled to said 
server computer through a hub and local area network 
segments. In such embodiments, the computer or server 
computer implementing the double password security sys- 
tem is programmed to assume that when access to shared 
assets on said computer or server such as shared files, shared 
programs or shared functions etc. is sought through a 
particular terminal or a particular satellite computer that a 
particular user is attempting the access as the computer 
assumes that particular users always use the same satellite 
computer or terminal. Each user has his or her own secret 
password that must be entered properly at a sign on screen 
to gain access to the shared assets on the computer. Thus, 
when access is sought through a particular terminal, the 
computer or server will assume that a particular user is 
logging on and ask for that user's password. In these 
embodiments, the function to change the master password 
can be one of the shared assets. To implement such an 
emrxxliment, the central computer or server computer is 
programmed to implement the two secret password gate- 
ways 924 and 934 on two separate satellite computers or 
terminals. To implement such an emrx>dimeat, if user 1 logs 
in on terminal 1 using the correct log on password for that 
user and requests to change the master password of the 
gateway to the system configuration or privileges file, the 
central computer or server is programmed to request entry of 
the first secret password on terminal 1 (or satellite computer 
1) and request entry of the second secret password on 
terminal 2 (or satellite computer 2). Thus, a second user has 
to successfully log on on terminal 2 and then enter the 
correct second secret password before access to the function 
to change the master password will be granted. This embodi- 
ment provides a third level of password security over the 
first and second secret password gateways. 

Appendix A hereto is the source code for the hub/bridge 
embodiments of FIGS. 1-6 and 12. This code is intended for 
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the Motorola 6S000 microprocessor, but may be ported to 
other platforms. 

Appendix B hereto are the schematic diagrams for the 
hub/bridge ernbodiments of FIGS. 1-6 and 12. 

Appendix C hereto is the Boolean logic for the program- 
mable gate arrays for the hub/bridge embodiments of FIGS. 
1-6 and 12. 

Appendix D hereto is the Boolean logic for the field 
programmable gate array structure in the packet switching 
embodiments disclosed herein in FIGS. 7-12. 

Appendix E, comprised of two portions, is a hexadecimal 
version of the code that controls the microprocessors in the 
preferred packet switching embodiment disclosed herein. 
Part I of Appendix E, comprised of pages 1-29, is the boot 
code that allows the code of Part II to be read into DRAM 
822 in FIG. 8 from nonvolatile flash ROM 805 in FIG. 8 at 
boot time for execution from DRAM. Part H of Appendix E, 
comprised of pages 1 through 97, is the portion of the code 
that does the packet switching function. The main micro- 
processor 806 in FIG. 8 begins executing the code of Part I 
and determines therefrom that there is a portion of code from 
Part II that is intended for execution by the Ethernet pro- 
cessor 804 that needs to be loaded into the shared SRAM 
800. The main microprocessor then loads the appropriate 
portion of the Part H code into SRAM 800 such that the 
Ethernet processor can start execution. The remaining por- 
tion of the Part n code is executed by the main rmcropro- 
cessor out of DRAM 822. Both Parts I and II are ported for 
the Motorola MC68EC040 microprocessor. 

Although the invention has been described in terms of the 
preferred and alternative embodiments disclosed herein, 
those skilled in the art will appreciate other modifications 
which may be made without departing from the spirit and 
scope of the invention. All such modifications and enhance- 
ments are intended to be included within the scope of the 
claims appended hereto. 

What is claimed is: 

1. An apparatus for connection to first and second net- 
works of computing machines, each said network having 
different network addresses for computer software processes 
in execution on machines coupled said first and second 
networks, comprising: 

a support structure; 

memory means mechanically coupled to said support 
structure for storing data and a computer program, said 
data comprising data packets to be transmitted on said 
first network stored in a first transmit buffer, and data 
packets to be transmitted on said second network stored 
in a second transmit buffer, and data packets received 
from said first network stored in a first receive buffer, 
and data packets received from said second network 
stored in a second receive buffer; 

a one or more hub port means affixed to said support 
structure, for coupling to said first network external to 
said support structure via a plurality of corresponding 
transceiver cables which are coupled to and carry data 
packets to and from a plurality of machines each of 
which is coupled to one tranceiver cable, each of said 
machines having a network address and each of said 
machines having at least one computer software pro- 
cess in execution thereon, each said data packet having 
a source network address indicating the machine and 
network from which the data packet originated and 
having a destination network address indicating the 
machine and network to which the packet is directed 
each said hub port means for sending data packets out 
on said first network via a corresponding one of said 
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plurality of transceiver cables and for receiving data receive buffer if the destination network address of the 

packets from said first network via said one of said data packet is on the same network as the source 

plurality of transceiver cables; network address from which said data packet 

hub means for receiving a data packet from any of said originated, 
hub port means and for retransmitting each said data 5 and wherein said computer program includes one or more 
packet out on said first network through every other routmc « to manage sa j d f d scco D d transmit buff- 
said hub pert means coupled to said first network other « and ^ &st and second receive b^ers in said 
than said hub port means from which said data packet mcmoi y means as linked lists which record the 
was received, and for sending all said retransmitted sequence in which each data packet ^received in the 
data packets out on a data path affixed to said support w case of the first and second receive buffers and record 
structure and which carries data which came from or * e sequences in which the data packets are to be 
which is bound for said first network segment, each transmitted in the case of the transmit buffers, and 
said data packet having a source network address wherein each linked list is comprised of individual data 
identifying the network address of the machine from P ackcts f <H*™f addresses in one of said 
which the data originated and a destination network 15 buffers, and each data packet is stored with an assod- 
address identifying the network address of the machine atcd P ointcr which f 00 ^ indicating die address 
for which the data is bound; of me next **** P 2 "** m me sequence recorded in said 

„ . ^ . . _ linked list, and wherein said hub means includes an 

first n^ork controller means affixed to said support attachmeDt unit interface port at which data packets 

structure for retrieving data packets from said first said ^ ue repeated for 

transmit buffer in said memory means and for sending " transmission, 

said retrieved data packets out on said first network by . . . . . . , . „ . ... 

sending said data Jackets to said hub means via said and s * d t hub h ."lf?! mdU w 80 ■f"*"'™* UI * 

data pain, and for receiving data packets from said hub ff 8 " at wluch , P"* 6 ' 8 . rece,ved H fro ? 8a ? d 

™™ „:1 Z-a *+Z:„ n oniA first network are repeated for transmission, and wherein 
means via said data path and storing said data packets . , , ^_ \ ^ t . \ _ , 
. . , - . . . . . ° . 25 said second network controller means and said attach- 
in said first receive buffer in said memory means; A . . _ k . ^ , ^ , 

ment unit interface port are selectively, alternatively 

second network transceiver means affixed to said support coupled to said second network transceiver means by a 

structure for receiving data packets from said second switch 

network and for transmitting data packets on said 2 . The apparatus of claim 1 wherein said switch being 

second network; 30 coupled to and controlled by said computer means which is 

second network controller means affixed to said support controlled by said computer program, and further compris- 
structurc and coupled to said second network trans- ing a routine in said computer program to selectively imple- 
ceiver means and coupled to said memory means, for ment a bypass mode wherein said switch is set by said 
retrieving data packets from said second transmit buffer computer program to a position to cut off said second 
in said memory means and for sending said retrieved 35 network controller means from said second network trans- 
data packets to said second network transceiver means ceiver means and said attachment unit interface port is 
for transmission on said second network, and for coupled directly to said second network transceiver means 
receiving data packets from said second network trans- such that said second network controller is bypassed thereby 
ceiver means received from said second network and disabling said bridge means such that data packets received 
for storing said data packets in said second receive 40 from either said first network segment or said second 
buffer, network segment arc automatically transmitted on the other 

computer means affixed to said support structure and network segment regardless of the location of the destination 

coupled to said memory means, said hub means and address of any particular data packet and wherein said 

said first and second network controllers by an address computer program includes means for implementing a 

and control bus and by a data bus, said computer means 45 bypass mode, a bridge mode and an isolate mode, and 

for executing said computer program stored in said further includes means for storing data in forwarding vectors 

memory means, said computer program including and using said forwarding vectors to speed up processing of 

bridge means for selectively coupling data packets data packets in said receive buffers of said first and second 

from said first network to said second network and vice networks, each said forwarding vector comprising a desig- 

versa, said selective coupling performed by reading at so nated memory location for a corresponding one of said first 

least the destination network address of each received or second networks which stores a pointer address pointing 

data packet in said first and second receive buffers in to the starting address in said memory means of a bypass 

said memory means and, for each data packet, com- mode routine which is executed if said bypass mode is 

paring the destination network address to which the ' active, said forwarding vectors storing the address of a 

data packet is to be sent to data indicating whether said 55 bridge mode routine if said bypass mode is not active and 

destination network address is located on said first said bridge mode is active, said forwarding vectors storing 

network or on said second network, and, if the data the address of an isolate mode routine if said isolate mode 

packet was retrieved from said first receive buffer but is active, said bypass mode routine and said isolate mode 

is addressed to a destination network address on said routine for discarding each data packet that came from a 

second network, for forwarding said data packet to said 60 machine coupled to said first network by rearranging said 

second network controller via said data bus, and, if the pointers on said linked Hst in said first receive buffer so as 

data packet was retrieved from said second receive to skip over said data packet to be discarded if the pointer 

buffer but is addressed to a destination network address address in said forwarding vector for said second network 

on said first network for forwarding said data packet to points toward said bypass mode routine or said isolate mode 

said first network controller via said -data bus for 65 routine, and, if said data packet came from said second 

transmission on said first network and for discarding network and the pointer address in said forwarding vector 

any data packet retrieved from either the first or second for said first network points to said bypass mode routine or 
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said bridge mode routine, for pladng said data packet 
received from said second network in the linked list stored 
in said first transmit buffer by rearranging the pointers of 
said linked list to point to said data packet to be forwarded 
so that said data packet will be transmitted on said first 
network in the sequence defined by the pointers of the linked 
list associated with said first transmit buffer, said isolate 
mode routine also for discarding each data packet that 
originated in a machine coupled to said second network if 
the pointer address in said forwarding vector for said first 
network points to said isolate mode routine, said discarding 
being accomplished by rearranging said pointers on said 
linked list in said second receive buffer to skip over said data 
packet to be discarded. 

3> An apparatus far connection to first and second local 13 
area networks, each said network coupled to a plurality of 
computing machines by a plurality of transceiver lines, each 
said network having different network addresses for com- 
puting machines coupled thereto, comprising: 
a support structure including a housing; 
memory means mechanically coupled to said support 
structure for storing data and a computer program, said 
data comprising data packets to be transmitted on said 
first network stored in a first transmit buffer, and data 
packets to be transmitted on said second network stored 
in a second transmit buffer, and data packets received 
from said first network stored in a first receive buffer, 
and data packets received from said second network 
stored in a second receive buffer, 
twenty six or fewer hub port means affixed to said support 
structure, for coupling to a first network via a plurality 
of corresponding transceiver lines each said transceiver 
line coupled to and carrying data to and from one of a 
plurality of computing machines each of which has 
computer software processes in execution thereon, each 
said computing machine having a network address, and 
wherein each said computing machine coupled to either 
said first or second network can either send or receive 
data on said network to which it is coupled, and when 
sending data packets on said network will include in 
said data packet the computing machine's network 
address as the source address and, when receiving data 
packets, said data packets win have the network 
address of said computing machine as the destination 
address, each said hub port means for sending data 
packets out on said first network segment via a corre- 
sponding transceiver line and for receiving data packets 
from computing machines coupled to said first network 
via the transceiver lines coupled thereto; 
hub means for receiving a data packet from any of said 
hub port means and for retransmitting each said data 
packet out on said first network through every other 
said hub port means coupled to said first network other 
than said hub port means from which said data packet 55 
was received, and for sending all said retransmitted 
data packets out on a first data bus affixed to said 
support structure and which carries data which came 
from or which is bound for said first network, each said 
data packet having a source network address identify- go 
ing the network address of the computing machine 
from which the data originated and a destination net- 
work address identifying the network address of the 
computing machine for which the data is bound; 
first network controller means affixed to said support 65 
structure for retrieving data packets -from said first 
transmit buffer in said memory means and for sending 
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said retrieved data packets out on said first network by 
sending said data packets to said hub means via said 
data path, and for receiving data packets from said hub 
means via said data path and storing said data packets 
in said first receive buffer in said memory means; 
second network transceiver means affixed to said support 
structure for receiving data packets from said comput- 
ing machines coupled to said second network and for 
transmitting data packets on said second network; 
second network controller means affixed to said support 
structure and coupled to said second network trans- 
ceiver means, for retrieving data packets from said 
second transmit buffer in said memory means and for 
sending said retrieved data packets to said second 
network transceiver means for transmission on said 
second network, and for receiving data packets from 
said second network transceiver means and for storing 
said data packets in said second receive buffer; 
computer means affixed to said support structure and 
coupled to said memory means and to said first and 
second network controllers and coupled to said hub 
means by an address and control bus and by a data bus, 
said computer means for executing a computer program 
stored in said memory means, said computer program 
including bridge means for selectively coupling data 
packets from said first network to said second network 
and vice versa, said selective coupling performed by 
reading at least the destination network address of each 
received data packet in said first and second receive 
buffers in said memory means and, for each data 
packet, comparing the destination network address 
associated with the computing machine to which the 
data packet is to be sent to data indicating whether said 
destination network address is located on said first 
network or on said second network, and, if the data 
packet was retrieved from said first receive buffer but 
is addressed to a destination network address on said 
second network, for forwarding said data packet to said 
second network controller via said data bus, and, if the 
data packet was retrieved from said second receive 
buffer but is addressed to a destination network address 
on said first network, for forwarding said data packet to 
said first network controller via said data bus for 
transmission on said first network and for discarding 
any data packet retrieved from either the first or second 
receive buffer if the destination network address of the 
data packet is on the same network as the source 
network address from which said data packet 
originated, said computer program further comprising 
management means far receiving management com- 
mands and requests to control or gather data from said 
hub means, said hub port means, said first network 
controller means, said second network controller 
means, said second transceiver means or said bridge 
means from any external source or from a machine 
coupled to either said first or second networks, and for 
carrying out said commands or garnering the requested 
data and sending said data back to the source that 
originated said data request 
, 4. The apparatus of claim 3 wherein said control program 
further comprises means for implementing the national 
standard Internet Protocol defined by RFC 791, the Internet 
Control Message Protocol defined by RFC 792, the Address 
Resolution Protocol defined by RFC 826, and the Reverse 
Address Resolution Protocol defined by RFC 903 as these 
protocols were defined and published by the IETF at the time 
this application was filed. 
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5. The apparatus of claim 4 wherein said management 
means implements the Simplified Network Management 
Protocol defined in national standard RFC 1157 and the User 
Datagram Protocol defined in national standard RFC 768 as 
these protocols were defined and published by the IETF at 5 
the time this application was filed. 

6. The apparatus of claim 5 wherein said management 
means further comprises means to implement the Transmis- 
sion Control Protocol defined in national standard RFC 793, 
and the Telnet Service Protocol as defined in national 10 
standard RFC 854 as these protocols were defined and 
published by the IETF at the time this application was filed. 

7. The apparatus of claim 3 wherein said bridge means 
implements the spanning tree, filtering by protocol bridging 
process defined in I.H.E.B. standard SO 1. 1 (d) as this standard 15 
was defined at the time this application was filed.. 

8. The apparatus of claim 4 wherein said bridge means 
implements national standard RFC 1286 published by the 
IETF as of the time this application was filed and wherein 
said hub means implements national standard RFC 1368 20 
published by the IETF as of the rime of filing of this 
application. 

9. An apparatus for connection to first and second 
networks, each said network having different network 
addresses for different machines coupled thereto, compris- 25 
ing: 

a support structure including a housing; 

memory means mechanically coupled to said support 
structure for storing data and a computer program, said 
data comprising data packets to be transmitted on said 30 
first network stored in a first transmit buffer, and data 
packets to be transmitted on said second network stored 
in a second transmit buffer, and data packets received 
from said first network stored in a first receive buffer, 
and data packets received from said second network 35 
stared in a second receive buffer; 

twenty six or fewer hub port means affixed to said support 
structure, for coupling to a first network external to said . 
support structure via a plurality of corresponding trans- ^ 
ceiver lines each of which is coupled to and carry data 
to and from one of said plurality of machines coupled 
to said first network, each of which has computer 
software processes in execution thereon, each said hub 
port means for sending data packets out on said first 45 
network via a corresponding transceiver cable and for 
receiving data packets from said first network via a 
corresponding transceiver cable; 

hub means for receiving a data packet from any of said 
hub port means and for retransmitting each said data 50 
packet out on said first network through every other 
said hub port means coupled to said first network other 
than said hub port means from which said data packet 
was received, and for sending all said retransmitted 
data packets out on a data path affixed to said support 55 
structure and which carries data which came from or 
which is bound for said first network, each said data 
packet having a source network address identifying the 
network address of the machine from which the data 
originated and a destination network address identify- go 
ing the network address of the machine for which the 
data is bound; 

first network controller means affixed to said support 
structure for retrieving data packets from said first 
transmit buffer in said memory means and for sending 65 
said retrieved data packets out on said first network by 
sending said data packets to said hub means via said 
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data path, and for receiving data packets from said hub 
means via said data path and storing said data packets 
in said first receive buffer in said memory means; 

second network transceiver means affixed to said support 
structure for receiving data packets from machines 
coupled to said second network, and for transmitting 
said data packets 00 said second network; 

second network controller means affixed to said support 
structure and coupled to said second network trans- 
ceiver means, for retrieving data packets from said 
second transmit buffer in said memory means and for 
sending said retrieved data packets to said second 
network transceiver means for transmission on said 
second network, and for receiving data packets from 
said second network transceiver means and for storing 
said data packets in said second receive buffer; 

computer means affixed to said support structure and 
coupled to said memory means and to said first and 
second network controllers and said hub means by an 
address and control bus and by a data bus, said com- 
puter means for executing a computer program stored 
in said memory means, said computer program includ- 
ing bridge means for selectively coupling data packets 
from said first network segment to said second network 
segment and vice versa, said selective coupling per- 
formed by reading at least the destination network 
address of each received data packet in said first and 
second receive buffers in said memory means and, for 
each data packet, comparing the network destination 
address associated with the network address to which 
the data packet is to be sent to data indicating whether 
said destination network address is located on said first 
network or on said second network, and, if the data 
packet was retrieved from said first receive buffer but 
is addressed to a destination network address on said 
second network, for forwarding said data packet to said 
second network controller via said data bus, and, if the 
data packet was retrieved from said second receive 
buffer but is addressed to a destination network address 
on said first network, for forwarding said data packet to 
said first network controller via said data bus for 
transmission on said first network and for discarding 
any data packet retrieved from either the first or second 
receive buffer if the destination network address of the 
data packet is on the same network as the source 
network address from which said data packet 
originated, said computer program means further com- 
prising management means for receiving management 
commands and requests to control or gather data from 
said hub means, said hub port means, said first network 
controller means, said second network controller 
means, said second transceiver means or said bridge 
means from any external source or from a machine 
coupled to either said first or second networks, and far 
carrying out said commands or gathering the requested 
data and outputting the requested data to whatever 
external source or machine coupled to either said first 
or second network requested the data, and wherein said 
computer program further comprises bridge bypass 
means for selectively disabling said bridge means such 
that every data packet retrieved from said first receive 
buffer is forwarded to said second network controller 
means via said data bus for transmission on said second 
network, and every data packet retrieved from said 
second receive buffer is forwarded to said first network 
controller means via said data bus for transmission on 
said first network. 
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10. The apparatus of claim 9 wherein said management 
means implements the SNMP management protocol. 

11. The apparatus of claim 10 further comprising a 
modem port coupled to said management means such that 
said management commands and requests to gamer data can 5 
be sent to said management means from a management 
process in execution elsewhere and coupled to said man- 
agement means only by a modem and a telephone circuit 

12. The apparatus of claim 9 wherein said computer 
program further comprises means for implementing the 1Q 
national standard Internet Protocol defined by RFC 791, the 
Internet Control Message Protocol defined by RFC 792, the 
Address Resolution Protocol defined by RFC 826, and the 
Reverse Address Resolution Protocol defined by RFC 903 as 
these protocols were defined and published by the IETF at 
the time this application was filed. ( 12 

13. The apparatus of claim 12 wherein said management 
means implements the Simplified Network Management 
Protocol defined in national standard RFC 1 157 and the User 
Datagram Protocol defined in national standard RF C 768 as 
these protocols were defined and published by the IETF at 20 
the time this application was filed. 

14. The apparatus of claim 13 wherein said management 
means further comprises means to implement the Transmis- 
sion Control Protocol defined in national standard RFC 793, 
and the Telnet Service Protocol as defined in national 1S 
standard RFC 854 as these protocols were defined and 
published by the IETF at the time this application was filed. 

15. An apparatus for connection to first and second 
segments of a network, each said segment of said network 
characterized by different network addresses for computer 3Q 
software processes in execution on machines coupled 
thereto, comprising: 

a support structure including a housing; 

memory means mechanically coupled to said support 
structure for storing data and a computer program, said 35 
data comprising data packets to be transmitted on said 
first network segment stored in a first transmit buffer, 
and data packets to be transmitted on said second 
network segment stared in a second transmit buffer, and 
data packets received from said first network segment 40 
stored in a first receive buffer, and data packets received 
from said second network segment stored in a second 
receive buffer; 

a plurality of hub port means affixed to said support 
structure, for coupling to a first network segment exter- 45 
nal to said support structure via a plurality of corre- 
sponding transceiver lines , which are coupled to and 
carry data to and from a plurality of machines each of 
which has computer software processes in execution 
thereon, each said computer software process having a 50 
network address, and wherein at least some of said 
computer software process are sources of data packets, 
in which case a data packet transmitted by said com- 
puter software process will contain the network address 
of said computer software process as the source net- 55 
work address, and wherein at least some of said com- 
puter software processes are destinations for data 
packets, in which, case a data packet received by said 
computer software process will contain the network 
address of said computer software process as the des- 60 
tination network address, each said hub port means for 
sending data packets out on said first network segment 
via a corresponding transceiver line and for receiving 
data packets from said first network segment via a 
corresponding transceiver line; 65 

hub means for receiving a data packet from any of said 
hub port means and for retransmitting each said data 



54 

packet out on said first network segment through other 
said hub port means coupled to said first network 
segment, and for sending all said retransmitted data 
packets out on a data path affixed to said support 
structure and which carries data which came from or 
which is bound for said first network segment, each, 
said data packet having a source network address 
identifying the network address of the machine from 
which the data originated and a destination network 
address identifying the network address of the machine 
for which the data is bound; 
first network controller means affixed to said support 
structure for retrieving data packets from said first 
transmit buffer in said memory means and for sending 
said retrieved data packets out on said first network 
segment by sending said data packets to said hub means 
via said data path, and far receiving data packets from 
said hub means via said data path and storing said data 
packets in said first receive buffer in said memory 
means; 

second network transceiver means affixed to said support 
structure for receiving data packets and for transmitting 
said data packets on said second network segment via 
a repeater and a plurality of media access units cou- 
pling said repeater to conductors of said second net- 
work segment; 

second network controller means affixed to said support 
structure and coupled to said second network trans- 
ceiver means, for retrieving data packets from said 
second transmit buffer in said memory means and for 
sending said retrieved data packets to said second 
network transceiver means for transmission on said 
second network segment, and for receiving data pack- 
ets from said second network transceiver means and for 
storing said data packets in said second receive buffer; 

computer means affixed to said support structure and 
coupled to said memory means and to said first and 
second network controllers and said hub means by an 
address and control bus and by a data bus, said com- 
puter means for executing a computer program stored 
in said memory means, said computer program includ- 
ing bridge means for selectively coupling data packets 
from said first network segment to said second network 
segment and vice versa when a bridge mode is active, 
said selective coupling performed by reading at least 
the destination network address of each received data 
packet in said first and second receive buffers in said 
memory means and for each data packet, comparing the 
. network destination address associated with the net- 
work address to which the data packet is to be sent to 
data indicating whether said destination network 
address is located on said first network segment or on 
said second network segment, and, if the data packet 
was retrieved from said first receive buffer but is 
addressed to a destination network address on said 
second network segment, for forwarding said data, 
packet to said second network controller via said data 
bus, and, if the data packet was retrieved from said 
second receive buffer but is addressed to a destination 
network address on said first network segment, for 
forwarding said data packet to said first network con- 
troller via said data bus far transmission on said first 
Detwcxk segment and for discarding any data packet 
retrieved from either the first or second receive buffer 
if the destination network address of the data packet is 
on the same network segment as the source network 
address from which said data packet originated, and 
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wherein said computer program further comprises 
bridge bypass means for selectively disabling said 
bridge means when a bridge bypass mode is active such 
that every data packet retrieved from said first receive 
buffer is forwarded to said second network controller 
means via said data bus regardless of the destination 
network address of said data packet for transmission on 
said second network segment, and every data packet 
retrieved from said second receive buffer is forwarded 
to said first network controller means via said data bus 
regardless of the destination network address of said 
data packet for transmission on said first network 
segment, and wherein said computer program further 
comprises isolate means for selectively disabling said 
bridge means when an isolate mode is active by pre- 
venting any transfer of data packets from said first 
network segment to said second network segment 

16. The apparatus of claim 14 wherein said computer 
program includes means to implement the national standard 
SNMP management protocol. 

17. The apparatus of claim 16 further comprising man- 
agement means in said computer program for receiving and 
carrying out management commands received via modem or 
in-band management packets received as a data packet from 
a machine coupled to said first ox second network segments, 
and, wherein said isolate means includes means for directing 
any in-band management data packets that arrive from either 
said first or second network segment to said in-band man- 
agement means for processing thereby regardless of whether 
the in-band management data packet arrived from said first 
or said second network segment and regardless of whether 
said isolate mode is active. 

18. An apparatus for connection to first and second 
segments of a network, each said segment of said network 
characterized by different network addresses for computer 
software processes in execution on machines coupled 
thereto, comprising: 

a support structure including a housing; 

memory means mechanically coupled to said support 
structure for storing data and a computer program, said 
data comprising data packets to be transmitted on said 
first network segment stored in a first transmit buffer, 
and data packets to be transmitted oo said second 
network segment stared in a second transmit buffer, and 
data packets received from said first network segment 
stored in a first receive buffer, and data packets received 
from said second network segment stored in a second 
receive buffer; 

a plurality of hub part means affixed to said support 
structure, for coupling to a first network segment exter- 
nal to said support structure via a plurality of corre- 
sponding transceiver lines which are coupled to and 
carry data to and from a plurality of machines each of 
which has computer software processes in execution 
thereon, each said computer software process having a 
network address, and wherein at least some of said 
computer software process are sources of data packets, 
in which case a data packet transmitted by said com- 
puter software process will contain the network address 
of said computer software process as the source net- 
work address, and wherein at least some of said com- 
puter software processes are destinations for data 
packets, in which case a data packet received by said 
computer software process will contain the network 
address of said computer software process as the des- 
tination network address, each said hub port means for 
sending data packets out on said first network segment 
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via a corresponding transceiver line and for receiving 
data packets from said first network segment via a 
corresponding transceiver line; 

hub means for receiving a data packet from any of said 
hub port means and for retransmitting each said data 
packet out on said first network segment through other 
said hub port means coupled to said first network 
segment, and for sending all said retransmitted data 
packets out on a data path affixed to said support 
structure and which carries data which came from or 
which is bound for said first network segment, each 
said data packet having a source network address 
identifying the network address of the machine from 
which the data originated and a destination network 
address identifying the network address of the machine 
for which the data is bound; 

first network controller means affixed to said support 
structure for retrieving data packets from said first 
transmit buffer in said memory means and for sending 
said retrieved data packets out on said first network 
segment by sending said data packets to said hub means 
via said data path, and for receiving data packets from 
said hub means via said data path and storing said data 
packets in said first receive buffer in said memory 
means; 

second network transceiver means affixed to said support 
structure for receiving data packets and for transmitting 
said data packets on said second network segment via 
a repeater and a plurality of media access units cou- 
pling said repeater to conductors of said second net- 
work segment; 

second network controller means affixed to said support 
structure and coupled to said second network trans- 
ceiver means, for retrieving data packets from said 
second transmit buffer in said memory means and for 
sending said retrieved data packets to said second 
network transceiver means for transmission on said 
second network segment, and for receiving data pack- 
ets from said second network transceiver means and for 
storing said data packets in said second receive buffer; 

computer means affixed to said support structure and 
coupled to said memory means and to said first and 
second network controllers and said hub means by an 
address and control bus and by a data bus, said com- 
puter means for executing a computer program stored 
in said memory means, said computer program includ- 
ing bridge means for selectively coupling data packets 
from said first network segment to said second network 
segment and vice versa when a bridge mode is active, 
said selective coupling performed by reading at least 
the destination network address of each received data 
packet in said first and second receive buffers in said 
memory means and, for each data packet, comparing 
the network destination address associated with the 
network address to which the data packet is to be sent 
to data indicating whether said destination network 
address is located on said first network segment or on 
said second network segment, and, if the data packet 
was retrieved from said first receive buffer but is 
addressed to a destination network address on said 
second network segment, for forwarding said data 
packet to said second network controller via said data 
bus, and, if the data packet was retrieved from said 
second receive buffer but is addressed to a destination 
network address on said first network segment, for 
forwarding said data packet to said first network con- 
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troller via said data bus for transmission on said first 
network segment and for discarding any data packet 
retrieved from either the first or second receive buffer 
if the destination network address of the data packet is 
on the same network segment as the source network 5 
address from which said data packet originated, and 
wherein said computer program further comprises 
bridge bypass means for selectively disabling said 
bridge means when a bridge bypass mode is active such 
that every data packet retrieved from said first receive to 
buffer is forwarded to said second network controller 
means via said data bus regardless of the destination 
network address of said data packet for transmission on 
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said second network segment, and every data packet 
retrieved from said second receive buffer is forwarded 
to said first network controller means via said data bus 
regardless of the destination network address of said 
data packet for transmission on said first network 
segment, and wherein said computer program further 
comprises isolate means for selectively disabling said 
bridge means when an isolate mode is active by pre- 
venting any transfer of data packets from said first 
network segment to said second network segment. 
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